Does Blog Copier have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Blog Copier compatible with WordPress 3.9.40?

According to WordPress.org data, Blog Copier 1.0.7 has been tested up to WordPress 3.9.40. Check the plugin's changelog for the latest compatibility information.

How often is Blog Copier updated?

Blog Copier was last updated on Sep 5, 2014. Frequent updates are generally a positive security signal.

What is Blog Copier's security score?

Blog Copier has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Blog Copier Security & Risk Analysis

wordpress.org/plugins/blog-copier

Enables superusers to copy existing sub blogs to new sub blogs.

100 active installs v1.0.7 PHP + WP 3.0+ Updated Sep 5, 2014

blogcopyduplicatereplicatesite

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Blog Copier Safe to Use in 2026?

Generally Safe

Score 85/100

Blog Copier has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The blog-copier plugin v1.0.7 presents a mixed security profile. On the positive side, it exhibits strong practices by using prepared statements for all SQL queries, avoiding file operations and external HTTP requests, and including a reasonable number of nonce and capability checks relative to its limited attack surface. The absence of any recorded vulnerabilities or CVEs in its history is also a significant strength, suggesting a history of stable and potentially well-maintained code.

However, the static analysis reveals some critical areas of concern. The presence of the `exec` function is a red flag, as it can be used to execute arbitrary commands on the server if not handled with extreme care. Compounding this, the taint analysis indicates a flow with an unsanitized path, identified as a critical severity issue. This flow, combined with the `exec` function, could potentially lead to remote code execution if an attacker can control the input to this unsanitized path.

While the plugin's attack surface appears small and seemingly protected, the critical taint flow is a significant weakness. The lack of historical vulnerabilities might be due to the limited exposure or a past successful defense against potential exploits. Nevertheless, the critical taint flow and the `exec` function are serious enough to warrant immediate attention and mitigation.

Key Concerns

Critical severity taint flow with unsanitized path
Use of dangerous function 'exec'
Low percentage of properly escaped output

Vulnerabilities

None known

Blog Copier Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Blog Copier Release Timeline

v1.0.7Current

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0

Code Analysis

Analyzed Mar 16, 2026

Blog Copier Code Analysis

Dangerous Functions

Raw SQL Queries

12 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

execexec($command);blog-copier.php:374

SQL Query Safety

100% prepared12 total queries

Output Escaping

20% escaped10 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

admin_page (blog-copier.php:86)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Blog Copier Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionnetwork_admin_menublog-copier.php:50

filtermanage_sites_action_linksblog-copier.php:51

Maintenance & Trust

Blog Copier Maintenance & Trust

Maintenance Signals

WordPress version tested3.9.40

Last updatedSep 5, 2014

PHP min version

Downloads38K

Community Trust

Rating92/100

Number of ratings14

Active installs100

Alternatives

Blog Copier Alternatives

Multisite Post Duplicator

multisite-post-duplicator

Duplicate/Copy/Clone any individual page, post or custom post type from one site on your multisite network to another.

400 1 unpatched

WP Duplicate – WordPress Migration Plugin

local-sync

Easily migrate or clone your WordPress Site from one host to another.

200 2 CVEs

Multisite Cloner

multisite-cloner

When creating a new blog on WordPress Multisite, copies all the posts, settings and files, from a selected blog into the new one.

100 No CVEs

Accounting Records Copywriter

accounting-records-copywriter

Упрощение работы администратора с копиратером рерайтером на вашем блоге / Admin’s work simplification with copywriter rewriter for your blog

10 No CVEs

Network Post Duplicator

network-post-duplicator

100

A simple plugin to duplicate your posts across a WordPress multisite network, with optional PRO tools for advanced synchronization.

10 No CVEs

Developer Profile

Blog Copier Developer Profile

Modern Tribe, Inc.

7 plugins · 8K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Blog Copier

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes

name="source_blog"name="blog[domain]"name="blog[title]"name="copy_files"title="Subdomain"title="Domain"+1 more

FAQ