The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with subscriber access or higher to duplicate posts and pages.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-09-07T01:52:17.103Z

Updated: 2024-08-02T07:38:00.521Z

Reserved: 2023-09-06T12:47:07.323Z

Link: CVE-2023-4792

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-09-07T02:15:08.163

Modified: 2024-11-21T08:35:58.810

Link: CVE-2023-4792

cve-icon Redhat

No data.