[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLBHcWrvq6cAn-yXxjvsmFnQLN3lAr1q3iXFf1GNAc2o":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":14,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":43,"crawl_stats":33,"alternatives":47,"analysis":48,"fingerprints":126},"atec-duplicate-page-post","atec Duplicate Page & Post","1.2.25","docjojo","https:\u002F\u002Fprofiles.wordpress.org\u002Fdocjojo\u002F","\u003Cp>This plugin adds a “duplicate” link to every page \u002F post in the page \u002F post list – for easy duplication.\u003Cbr \u002F>\nNo configuration required.\u003C\u002Fp>\n\u003Ch3>Third-Party Services\u003C\u002Fh3>\n\u003Ch3>Integrity check\u003C\u002Fh3>\n\u003Cp>Once, when activating the plugin, an integrity check is requested from our server – if you give your permission.\u003Cbr \u002F>\nSource: https:\u002F\u002Fatecplugins.com\u002F\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fatecplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n","Duplicate page or post with one click.",20,276,100,1,"","6.9.4","4.9","7.4",[20],"duplicate-page-or-post-with-one-click","https:\u002F\u002Fatecplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatec-duplicate-page-post.1.2.25.zip",99,0,"2025-11-24 
19:06:44","2026-03-15T10:48:56.248Z",[28],{"id":29,"url_slug":30,"title":31,"description":32,"plugin_slug":4,"theme_slug":33,"affected_versions":34,"patched_in_version":35,"severity":36,"cvss_score":37,"cvss_vector":38,"vuln_type":39,"published_date":25,"updated_date":40,"references":41,"days_to_patch":14},"CVE-2025-13404","atec-duplicate-page-post-missing-authorization-to-authenticated-contributor-arbitrary-post-duplication-and-data-exposure","atec Duplicate Page & Post \u003C= 1.2.20 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Duplication and Data Exposure","The atec Duplicate Page & Post plugin for WordPress is vulnerable to unauthorized post duplication due to missing authorization validation on the duplicate_post() function in all versions up to, and including, 1.2.20. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate arbitrary posts, including private and password-protected posts, leading to data exposure.",null,"\u003C=1.2.20","1.2.21","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Missing Authorization","2025-11-25 
07:28:23",[42],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa793b24f-979e-4209-93f7-cff8d3867a7d?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":44,"total_installs":45,"avg_security_score":23,"avg_patch_time_days":14,"trust_score":23,"computed_at":46},16,2730,"2026-04-04T15:24:25.330Z",[],{"attackSurface":49,"codeSignals":98,"taintFlows":117,"riskAssessment":118,"analyzedAt":125},{"hooks":50,"ajaxHandlers":88,"restRoutes":95,"shortcodes":96,"cronEvents":97,"entryPointCount":14,"unprotectedCount":14},[51,57,60,64,67,71,73,78,81,85],{"type":52,"name":53,"callback":54,"file":55,"line":56},"action","admin_menu","closure","atec-duplicate-page-post.php",29,{"type":52,"name":58,"callback":54,"file":55,"line":59},"admin_init",31,{"type":52,"name":61,"callback":54,"file":62,"line":63},"admin_enqueue_scripts","includes\\ATEC\\INIT.php",564,{"type":52,"name":65,"callback":54,"file":62,"line":66},"admin_notices",647,{"type":52,"name":68,"callback":54,"priority":69,"file":62,"line":70},"admin_footer",10,688,{"type":52,"name":65,"callback":54,"file":62,"line":72},720,{"type":74,"name":75,"callback":76,"priority":24,"file":77,"line":69},"filter","post_row_actions","add_duplicate_link","includes\\atec-wpdpp-hooks.php",{"type":74,"name":79,"callback":76,"priority":24,"file":77,"line":80},"page_row_actions",11,{"type":52,"name":82,"callback":83,"file":77,"line":84},"admin_action_atec_wpdpp_duplicate_post","duplicate_post",12,{"type":52,"name":65,"callback":86,"file":77,"line":87},"show_admin_notice",13,[89],{"action":90,"nopriv":91,"callback":92,"hasNonce":91,"hasCapCheck":91,"file":93,"line":94},"atec_admin_notice_dismiss",false,"dismiss_notice","includes\\ATEC\\LOADER.php",109,[],[],[],{"dangerousFunctions":99,"sqlUsage":100,"outputEscaping":102,"fileOperations":113,"externalRequests":14,"nonceChecks":114,"capabilityChecks":115,"bundledLibraries":116},[],{"prepared":24,"raw":24,"locations":101},[],{"escaped":103
,"rawEcho":104,"locations":105},247,2,[106,110],{"file":107,"line":108,"context":109},"includes\\ATEC\\SVG.php",557,"raw output",{"file":111,"line":112,"context":109},"includes\\ATEC\\TOOLS.php",1211,15,4,7,[],[],{"summary":119,"deductions":120},"The \"atec-duplicate-page-post\" plugin v1.2.25 exhibits a mixed security posture. On the positive side, the scan detected no raw SQL queries (it recorded no SQL usage at all), and the plugin properly escapes almost all output. It also incorporates nonce and capability checks, which are crucial for securing WordPress functionalities. The absence of taint analysis findings and dangerous function calls further suggests a generally well-written codebase.\n\nHowever, a significant concern arises from the presence of one AJAX handler (atec_admin_notice_dismiss) that the scan records with neither a nonce check nor a capability check. The scan also records it as not registered for unauthenticated requests (nopriv: false), so the exposure is to any logged-in user, regardless of role, if the handler performs any sensitive operations. The plugin also has a history of past vulnerabilities, with one medium severity CVE recorded. While currently unpatched vulnerabilities are zero, that CVE was a missing-authorization flaw, the same class of weakness as the current finding, which is a red flag suggesting potential recurring oversight in securing entry points.\n\nIn conclusion, while the plugin benefits from strong coding practices in areas like SQL and output handling, the unprotected AJAX endpoint and historical vulnerability patterns necessitate careful consideration. 
The focus should be on securing this exposed entry point and ensuring that future updates address any potential authorization flaws to mitigate risks.",[121,123],{"reason":122,"points":69},"AJAX handler without authentication check",{"reason":124,"points":69},"Past medium severity CVE","2026-03-16T22:42:52.947Z",{"wat":127,"direct":136},{"assetPaths":128,"generatorPatterns":131,"scriptPaths":132,"versionParams":133},[129,130],"\u002Fwp-content\u002Fplugins\u002Fatec-duplicate-page-post\u002Fincludes\u002FATEC\u002Fassets\u002Fcss\u002Fatec-wpdpp-admin.css","\u002Fwp-content\u002Fplugins\u002Fatec-duplicate-page-post\u002Fincludes\u002FATEC\u002Fassets\u002Fjs\u002Fatec-wpdpp-admin.js",[],[130],[134,135],"atec-wpdpp-admin.js?ver=","atec-wpdpp-admin.css?ver=",{"cssClasses":137,"htmlComments":140,"htmlAttributes":141,"restEndpoints":143,"jsGlobals":144,"shortcodeOutput":146},[138,139],"atec-wpdpp-admin-row","atec-wpdpp-clone-button",[],[142],"data-atec-wpdpp-id",[],[145],"atec_wpdpp_ajax_cb",[]]