CVE-2023-4792 | Vulnerability Database | Aqua Security

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with subscriber access or higher to duplicate posts and pages.

Affected Software

Name	Vendor	Start Version	End Version
Duplicate_post_page_menu_&_custom_post_type	Inqsys	*	2.3.1 (including)

References

https://plugins.trac.wordpress.org/browser/duplicate-post-page-menu-custom-post-type/trunk/duplicate-post-page-menu-cpt.php?rev=2871256#L383
https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2963515%40duplicate-post-page-menu-custom-post-type\u0026new=2963515%40duplicate-post-page-menu-custom-post-type\u0026sfp_email=\u0026sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/d6bb08e8-9ef5-41db-a111-c377a5dfae77?source=cve

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-4792
CWE	https://cwe.mitre.org/data/definitions/.html