The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with subscriber access or higher to duplicate posts and pages.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-09-07T01:52:17.103Z
Updated: 2024-08-02T07:38:00.521Z
Reserved: 2023-09-06T12:47:07.323Z
Link: CVE-2023-4792
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-09-07T02:15:08.163
Modified: 2024-11-21T08:35:58.810
Link: CVE-2023-4792
Redhat
No data.