Description
Missing Authorization vulnerability in revmakx WP Duplicate local-sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate: from n/a through <= 1.1.6.
Published: 2025-01-24
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a Missing Authorization flaw in the revmakx WP Duplicate local‑sync plugin, allowing an attacker to execute plugin functions without proper privileges. This enables unauthorized use of plugin features, potentially exposing sensitive data or facilitating further attacks. The weakness is classified as CWE‑862, a Broken Access Control weakness.

Affected Systems

The affected product is the WP Duplicate plugin by revmakx, in all versions through 1.1.6.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate risk, and the EPSS score of less than 1% suggests a low likelihood of exploitation at present. The vulnerability is not listed in CISA KEV, and no current public exploits are documented. Likely attack vectors include automated web requests targeting the plugin’s interface or endpoints, exploiting the incorrect access control levels to gain unauthorized functionality. The impact is confined to the WordPress site where the plugin is installed and could affect confidentiality and integrity of content managed through the plugin.

Generated by OpenCVE AI on May 2, 2026 at 05:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable or remove the WP Duplicate plugin to eliminate the vulnerable code path until a patch is available.
  • Restrict WordPress role permissions to limit access to the plugin’s admin functions, ensuring only trusted administrators can use features that interact with external synchronization services.
  • Check the vendor’s website or support channels for an update; if a patch is released, install it promptly to remediate the authorization flaw.

Advisories

Source: EUVD
ID: EUVD-2025-3849
Title: Missing Authorization vulnerability in Revmakx WP Duplicate – WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate – WordPress Migration Plugin: from n/a through 1.1.6.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Missing Authorization vulnerability in Revmakx WP Duplicate – WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate – WordPress Migration Plugin: from n/a through 1.1.6.
Values Added: Missing Authorization vulnerability in revmakx WP Duplicate local-sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate: from n/a through <= 1.1.6.
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}


Fri, 24 Jan 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 24 Jan 2025 17:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Revmakx WP Duplicate – WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate – WordPress Migration Plugin: from n/a through 1.1.6.
Title WordPress WP Duplicate plugin <= 1.1.6 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:31.280Z

Reserved: 2025-01-23T14:51:41.777Z

Link: CVE-2025-24652

Vulnrichment

Updated: 2025-01-24T18:46:53.796Z

NVD

Status: Deferred

Published: 2025-01-24T18:15:39.517

Modified: 2026-06-17T08:59:23.003

Link: CVE-2025-24652

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T05:30:26Z

Weaknesses