Does Delete Duplicate Posts have any unpatched vulnerabilities?

No. All known vulnerabilities in Delete Duplicate Posts have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Delete Duplicate Posts compatible with WordPress 6.9.4?

According to WordPress.org data, Delete Duplicate Posts 5.0.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Delete Duplicate Posts compatible with PHP 7.4+?

Delete Duplicate Posts requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Delete Duplicate Posts updated?

Delete Duplicate Posts was last updated on Mar 8, 2026. Frequent updates are generally a positive security signal.

What is Delete Duplicate Posts's security score?

Delete Duplicate Posts has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Delete Duplicate Posts Security & Risk Analysis

wordpress.org/plugins/delete-duplicate-posts

Get rid of duplicate posts and pages (any post type) on your blog with manual or automatic modes.

20K active installs v5.0.3 PHP 7.4+ WP 4.7+ Updated Mar 8, 2026

cleanupdelete-duplicate-postsduplicatesoptimizationperformance

A · Safe

CVEs total2

Unpatched0

Last CVENov 13, 2023

Plugin page Download

Safety Verdict

Is Delete Duplicate Posts Safe to Use in 2026?

Generally Safe

Score 99/100

Delete Duplicate Posts has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Nov 13, 2023Updated 26d ago

Risk Assessment

The "delete-duplicate-posts" plugin version 5.0.3 exhibits a generally strong security posture with excellent output escaping and no identified dangerous functions or file operations. The attack surface, while consisting of three AJAX handlers, is fully protected by authentication checks. Furthermore, the absence of any identified taint flows suggests a good level of input sanitization. The plugin also demonstrates good practices with a significant number of nonce and capability checks.

However, the vulnerability history presents a notable concern. The plugin has a history of two known CVEs, with one high and one medium severity vulnerability in the past, both related to missing authorization. While currently no CVEs are unpatched, this pattern of past authorization issues is a recurring theme and indicates a potential area of weakness. The fact that these vulnerabilities were in previous versions but are now fixed is a positive sign, but the historical context warrants careful consideration.

In conclusion, the plugin has made significant improvements in its security over time, evident in the current static analysis results. The developer appears to be responsive to security issues. The primary area of concern remains the historical pattern of authorization vulnerabilities. While currently addressed, vigilance is recommended, and users should ensure they are always running the latest version of the plugin to benefit from these fixes.

Key Concerns

Historical high severity CVEs (Missing Authorization)
Historical medium severity CVEs (Missing Authorization)
30% of SQL queries do not use prepared statements
Bundled outdated library: DataTables v1.13.8
Bundled outdated library: Freemius v1.0

Vulnerabilities

Delete Duplicate Posts Security Vulnerabilities

CVEs by Year

1 CVE in 2019

2019

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

High

Medium

2 total CVEs

CVE-2023-47754medium · 5.4Missing Authorization

Delete Duplicate Posts <= 4.8.9 - Missing Authorization via AJAX Actions

Nov 13, 2023 Patched in 4.9 (71d)

WF-3fda31fa-efc9-44b9-99ba-9e3e23aa2ee0-delete-duplicate-postshigh · 8.8Missing Authorization

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

Feb 25, 2019 Patched in 4.1.9.5 (1793d)

Code Analysis

Analyzed Mar 16, 2026

Delete Duplicate Posts Code Analysis

Dangerous Functions

Raw SQL Queries

3 prepared

Unescaped Output

94 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTables1.13.8Freemius1.0

SQL Query Safety

30% prepared10 total queries

Output Escaping

97% escaped97 total outputs

Attack Surface

Delete Duplicate Posts Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_ddp_get_loglinesdelete-duplicate-posts.php:106

authwp_ajax_ddp_get_duplicatesdelete-duplicate-posts.php:107

authwp_ajax_ddp_delete_duplicatesdelete-duplicate-posts.php:109

WordPress Hooks 10

actionafter_uninstalldelete-duplicate-posts.php:67

filterpermission_listdelete-duplicate-posts.php:96

actionadmin_headdelete-duplicate-posts.php:99

actioninitdelete-duplicate-posts.php:108

actionadmin_menudelete-duplicate-posts.php:111

actionadmin_enqueue_scriptsdelete-duplicate-posts.php:112

actionwp_insert_sitedelete-duplicate-posts.php:113

filterwpmu_drop_tablesdelete-duplicate-posts.php:119

actionddp_crondelete-duplicate-posts.php:121

actioncron_schedulesdelete-duplicate-posts.php:122

Scheduled Events 2

ddp_cron

Maintenance & Trust

Delete Duplicate Posts Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 8, 2026

PHP min version7.4

Downloads873K

Community Trust

Rating96/100

Number of ratings149

Active installs20K

Alternatives

Delete Duplicate Posts Alternatives

Freesoul Deactivate Plugins – Disable plugins on individual WordPress pages

freesoul-deactivate-plugins

Load plugins only where you need them. No bloat, no conflicts, more speed. Deactivate plugins where they don't add anything useful.

9K 2 CVEs

RationalCleanup

rationalcleanup

100

Clean up legacy WordPress bloat, improve security, and optimize performance with toggleable, opinionated defaults.

100 No CVEs

Hungry Resource Monitor

hungry-resource-monitor

100

Monitor memory, CPU, and resource usage. Detect bloat from plugins, themes, and database. Weekly reports and optimization tips.

70 No CVEs

Wonderful Secure Cleanup

wonderful-secure-cleanup

100

A simple way to clean and secure WordPress by disabling unnecessary features like comments, XML-RPC, and RSS feeds.

60 No CVEs

Fand Transient and Action Cleaner

fand-transient-action-cleaner

100

Clean up your database by removing expired transients and cumbersome Action Scheduler logs. Optimize your performance with one click.

20 No CVEs

Developer Profile

Delete Duplicate Posts Developer Profile

Lars Koudal

3 plugins · 21K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

932 days

View full developer profile

Detection Fingerprints

How We Detect Delete Duplicate Posts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/delete-duplicate-posts/css/ddp-admin.css/wp-content/plugins/delete-duplicate-posts/js/ddp-admin.js/wp-content/plugins/delete-duplicate-posts/js/ddp-helper.js

Script Paths

/wp-content/plugins/delete-duplicate-posts/js/ddp-admin.js/wp-content/plugins/delete-duplicate-posts/js/ddp-helper.js

Version Parameters

delete-duplicate-posts/css/ddp-admin.css?ver=delete-duplicate-posts/js/ddp-admin.js?ver=delete-duplicate-posts/js/ddp-helper.js?ver=

HTML / DOM Fingerprints

CSS Classes

ddp-settings-sectionddp-clear-logddp-delete-duplicatesddp-scan-duplicatesddp-scan-logddp-bulk-delete-buttonddp-results-table

HTML Comments

+6 more

Data Attributes

data-logiddata-deleteiddata-delete-noncedata-scan-noncedata-log-noncedata-orgid

JS Globals

ddp_php_vars

REST Endpoints

/wp-json/delete-duplicate-posts/v1/loglines/wp-json/delete-duplicate-posts/v1/duplicates/wp-json/delete-duplicate-posts/v1/delete

FAQ