WP-Safety

Duplicate Post Security & Risk Analysis

wordpress.org/plugins/copy-delete-posts

Duplicate post

300K active installs v1.5.3 PHP 5.6+ WP 4.6+ Updated Mar 13, 2026
copy-pagescopy-postsduplicate-pagesduplicate-postduplicate-posts
99
A · Safe
CVEs total2
Unpatched0
Last CVEAug 3, 2023
Plugin page Download
Safety Verdict

Is Duplicate Post Safe to Use in 2026?

Generally Safe

Score 99/100

Duplicate Post has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Aug 3, 2023Updated 2mo ago
Risk Assessment

The "copy-delete-posts" plugin exhibits a mixed security posture. While it demonstrates strengths such as the use of nonces and capability checks for most entry points, and a good percentage of SQL queries utilizing prepared statements, significant concerns remain. The presence of three AJAX handlers without authentication checks and taint analysis revealing two high-severity flows with unsanitized paths are particularly alarming, indicating potential avenues for unauthorized actions and data manipulation.

The plugin's vulnerability history shows a pattern of medium severity vulnerabilities, specifically CSRF and SQL Injection. The fact that there are no currently unpatched vulnerabilities is a positive sign, suggesting that past issues have been addressed. However, the recurring nature of SQL injection concerns, even if previously patched, highlights a potential weakness in input validation that needs continued vigilance. The use of the `unserialize` function, a known risky operation, further contributes to the potential attack surface.

Overall, while the plugin has implemented some good security practices, the identified unprotected entry points and high-severity taint flows represent immediate risks that could be exploited. The historical pattern of SQL injection vulnerabilities also warrants careful monitoring. A balanced conclusion is that the plugin is not inherently insecure but requires immediate attention to its unprotected AJAX handlers and taint analysis findings to mitigate significant risks.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows with unsanitized paths
  • Dangerous function: unserialize
  • SQL queries not using prepared statements
  • Improperly escaped output
  • Historical SQL Injection vulnerabilities
Vulnerabilities
2 published

Duplicate Post Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
1 CVE in 2023
2023
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

WF-a8c8d839-d2a4-4b2a-ad61-a3cda7826636-copy-delete-postsmedium · 6.3Cross-Site Request Forgery (CSRF)

Duplicate Post <= 1.4.1 - Cross-Site Request Forgery via 'cdp_action_handling' AJAX action

Aug 3, 2023 Patched in 1.4.2 (173d)
CVE-2021-43408medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Duplicate Post WordPress Plugin <= 1.1.9 - SQL Injection

Oct 19, 2021 Patched in 1.2.0 (826d)
Version History

Duplicate Post Release Timeline

v1.5.3Current22 files changed
v1.5.25 files changed
v1.5.121 files changed
v1.5.03 files changed
v1.4.93 files changed
v1.4.82 files changed
v1.4.76 files changed
v1.4.62 files changed
v1.4.513 files changed
v1.4.413 files changed
v1.4.33 files changed
v1.4.27 files changed
v1.4.11 CVE7 files changed
WF-a8c8d839-d2a4-4b2a-ad61-a3cda7826636-copy-delete-posts
v1.4.01 CVE5 files changed
WF-a8c8d839-d2a4-4b2a-ad61-a3cda7826636-copy-delete-posts
v1.3.91 CVE21 files changed
WF-a8c8d839-d2a4-4b2a-ad61-a3cda7826636-copy-delete-posts
v1.3.81 CVE4 files changed
WF-a8c8d839-d2a4-4b2a-ad61-a3cda7826636-copy-delete-posts
v1.3.71 CVE7 files changed
WF-a8c8d839-d2a4-4b2a-ad61-a3cda7826636-copy-delete-posts
v1.3.61 CVE10 files changed
WF-a8c8d839-d2a4-4b2a-ad61-a3cda7826636-copy-delete-posts
v1.3.51 CVE9 files changed
WF-a8c8d839-d2a4-4b2a-ad61-a3cda7826636-copy-delete-posts
v1.3.41 CVE
WF-a8c8d839-d2a4-4b2a-ad61-a3cda7826636-copy-delete-posts
Code Analysis
Analyzed Mar 16, 2026

Duplicate Post Code Analysis

Dangerous Functions
3
Raw SQL Queries
3
5 prepared
Unescaped Output
84
81 escaped
Nonce Checks
10
Capability Checks
8
File Operations
9
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$values = is_array($raw) ? $raw : @unserialize($raw);analyst\src\Cache\DatabaseCache.php:90
unserializereturn @unserialize($raw);analyst\src\Storage\FileStorage.php:55
unserialize$content = unserialize(stripslashes($content));post\handler.php:645

SQL Query Safety

63% prepared8 total queries

Output Escaping

49% escaped165 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
cdp_save_plugin_options (post\handler.php:222)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Duplicate Post Attack Surface

Entry Points10
Unprotected3

AJAX Handlers 10

authwp_ajax_analyst_notification_dismissanalyst\src\Mutator.php:103
authwp_ajax_inisev_installationbanner\misc.php:65
authwp_ajax_inisev_installation_widgetbanner\misc.php:66
authwp_ajax_tifm_save_decisioncopy-delete-posts.php:1125
authwp_ajax_dismiss_new_bb_bannermodules\new-bb-banner\misc.php:103
authwp_ajax_install_bmimodules\new-bb-banner\misc.php:104
authwp_ajax_activate_bmimodules\new-bb-banner\misc.php:105
authwp_ajax_inisev_reviewmodules\review\review.php:111
authwp_ajax_tifm_notice_actionsmodules\tryOutPlugins\tryOutPlugins.php:36
authwp_ajax_cdp_action_handlingpost\handler.php:15
WordPress Hooks 47
actionwp_loadedanalyst\main.php:67
actionwp_loadedanalyst\src\Analyst.php:93
actionadmin_footeranalyst\src\Mutator.php:59
actionadmin_noticesanalyst\src\Mutator.php:77
actionadmin_enqueue_scriptsanalyst\src\Mutator.php:89
actionadmin_menubanner\misc.php:110
actionadmin_menubanner\misc.php:123
actionins_global_print_carrouselbanner\misc.php:165
actionupdate_option_active_pluginscopy-delete-posts.php:87
actionplugins_loadedcopy-delete-posts.php:98
actionupgrader_process_completecopy-delete-posts.php:106
actioncdp_loadedcopy-delete-posts.php:121
actionadmin_initcopy-delete-posts.php:157
actionadmin_enqueue_scriptscopy-delete-posts.php:183
actionwp_enqueue_scriptscopy-delete-posts.php:258
actionenqueue_block_editor_assetscopy-delete-posts.php:289
actionadmin_menucopy-delete-posts.php:326
filtermailpoet_conflict_resolver_whitelist_stylecopy-delete-posts.php:358
filterpost_row_actionscopy-delete-posts.php:367
filterpage_row_actionscopy-delete-posts.php:395
filterbulk_actions-edit-postcopy-delete-posts.php:426
filterbulk_actions-edit-pagecopy-delete-posts.php:448
actionadmin_bar_menucopy-delete-posts.php:470
actionadmin_bar_menucopy-delete-posts.php:523
actionwp_headcopy-delete-posts.php:552
actionwp_footercopy-delete-posts.php:560
actionadmin_initcopy-delete-posts.php:602
actionadmin_noticescopy-delete-posts.php:603
actionpost_submitbox_startcopy-delete-posts.php:660
actioncdp_cron_deletecopy-delete-posts.php:693
actioncdp_plugin_setupcopy-delete-posts.php:781
filterdisplay_post_statescopy-delete-posts.php:980
actionplugins_loadedcopy-delete-posts.php:1115
actionadmin_enqueue_scriptsmenu\configuration.php:18
actioncdp_notices_specialmenu\variables.php:18
actionwp_loadedmodules\new-bb-banner\misc.php:113
actionadmin_enqueue_scriptsmodules\new-bb-banner\misc.php:286
actionadmin_noticesmodules\new-bb-banner\misc.php:287
actionwp_loadedmodules\review\review.php:120
actionadmin_enqueue_scriptsmodules\review\review.php:322
actionadmin_noticesmodules\review\review.php:323
actionin_admin_footermodules\tryOutPlugins\tryOutPlugins.php:64
actionadmin_noticesmodules\tryOutPlugins\tryOutPlugins.php:68
actionadmin_headmodules\tryOutPlugins\tryOutPlugins.php:69
actionin_admin_footermodules\tryOutPlugins\tryOutPlugins.php:70
filterplugin_install_action_linksmodules\tryOutPlugins\tryOutPlugins.php:361
filterupload_dirpost\handler.php:953

Scheduled Events 2

cdp_cron_delete
cdp_cron_delete
Maintenance & Trust

Duplicate Post Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 13, 2026
PHP min version5.6
Downloads4.4M

Community Trust

Rating98/100
Number of ratings1,574
Active installs300K
Alternatives

Duplicate Post Alternatives

Quick Copy – Duplicate Posts & Pages

Quick Copy – Duplicate Posts & Pages

duplicator-post-page

A
100

Easily duplicate any post or page, including all metadata and taxonomies, with just one click.

1K No CVEs
Duplicate Post and Clone Page

Duplicate Post and Clone Page

duplicate-post-and-clone-page

A
92

One click duplicate post and page. The best solution for easy copy page and post. It just works!

10 No CVEs
Duplicate Post – duplicate pages, copy content, clone posts

Duplicate Post – duplicate pages, copy content, clone posts

duplicate-post-rb

A
100

Duplicate Post RB makes it easy to duplicate posts, pages and custom post types. Create duplicate posts, clone content, automate duplication

3K No CVEs
Copy it

Copy it

copy-it

A
100

Copy it

0 No CVEs
Clone Posts

Clone Posts

clone-posts

A
100

Easily clone (duplicate) Posts, Pages and Custom Post Types, including their custom fields (post_meta)

10K No CVEs
Developer Profile

Duplicate Post Developer Profile

Inisev

6 plugins · 610K total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
464 days
View full developer profile
Detection Fingerprints

How We Detect Duplicate Post

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/copy-delete-posts/assets/css/cdp-global.css/wp-content/plugins/copy-delete-posts/assets/js/cdp-global.js/wp-content/plugins/copy-delete-posts/assets/css/cdp-select.css/wp-content/plugins/copy-delete-posts/assets/js/cdp-select.js/wp-content/plugins/copy-delete-posts/assets/css/cdp.tooltip.css/wp-content/plugins/copy-delete-posts/assets/js/cdp.tooltip.js/wp-content/plugins/copy-delete-posts/modules/review/review.php/wp-content/plugins/copy-delete-posts/modules/new-bb-banner/misc.php
Script Paths
/wp-content/plugins/copy-delete-posts/assets/js/cdp-global.js/wp-content/plugins/copy-delete-posts/assets/js/cdp-select.js/wp-content/plugins/copy-delete-posts/assets/js/cdp.tooltip.js/wp-content/plugins/copy-delete-posts/modules/review/review.php/wp-content/plugins/copy-delete-posts/modules/new-bb-banner/misc.php
Version Parameters
copy-delete-posts/assets/css/cdp-global.css?ver=copy-delete-posts/assets/js/cdp-global.js?ver=copy-delete-posts/assets/css/cdp-select.css?ver=copy-delete-posts/assets/js/cdp-select.js?ver=copy-delete-posts/assets/css/cdp.tooltip.css?ver=copy-delete-posts/assets/js/cdp.tooltip.js?ver=

HTML / DOM Fingerprints

CSS Classes
cdp-copy-delete-btncdp-action-editcdp-bulk-actionscdp-copy-delete-btn-new
HTML Comments
Admin bar menuReview bannerNew BB Banner
Data Attributes
data-cdp-iddata-cdp-textdata-cdp-urldata-cdp-noncedata-cdp-editdata-cdp-title+3 more
JS Globals
cdp_php_vars
FAQ

Frequently Asked Questions about Duplicate Post