Does Duplicate Page have any unpatched vulnerabilities?

No. All known vulnerabilities in Duplicate Page have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Duplicate Page compatible with WordPress 6.8.5?

According to WordPress.org data, Duplicate Page 4.5.6 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Duplicate Page updated?

Duplicate Page was last updated on Oct 16, 2025. Frequent updates are generally a positive security signal.

What is Duplicate Page's security score?

Duplicate Page has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Duplicate Page Security & Risk Analysis

wordpress.org/plugins/duplicate-page

Duplicate Posts, Pages and Custom Posts easily using single click

3.0M active installs v4.5.6 PHP + WP 3.4+ Updated Oct 16, 2025

duplicate-custom-postsduplicate-pageduplicate-postpage-duplicatepost-duplicate

A · Safe

CVEs total3

Unpatched0

Last CVEAug 28, 2021

Plugin page Download

Safety Verdict

Is Duplicate Page Safe to Use in 2026?

Generally Safe

Score 98/100

Duplicate Page has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Aug 28, 2021Updated 5mo ago

Risk Assessment

The "duplicate-page" plugin v4.5.6 demonstrates a generally good security posture with strong adherence to secure coding practices. The static analysis reveals a limited attack surface, with all identified entry points properly secured by authentication checks. The plugin effectively utilizes prepared statements for SQL queries, avoids dangerous functions, and performs thorough output escaping, with only a small percentage of outputs not being properly escaped. Nonce and capability checks are also present, further strengthening its security. However, the taint analysis did reveal two flows with unsanitized paths, which represents a potential concern for vulnerabilities like cross-site scripting or file path manipulation, even though they were not categorized as critical or high severity in this analysis.

Key Concerns

Flows with unsanitized paths found
Slightly unescaped output detected
History of High severity vulnerabilities
History of Medium severity vulnerabilities

Vulnerabilities

Duplicate Page Security Vulnerabilities

CVEs by Year

1 CVE in 2019

2019

1 CVE in 2020

2020

1 CVE in 2021

2021

Patched Has unpatched

Severity Breakdown

High

Medium

3 total CVEs

CVE-2021-24681medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Duplicate Page <= 4.4.1 Authenticated (Admin+) Stored Cross-Site Scripting

Aug 28, 2021 Patched in 4.4.2 (878d)

WF-76044985-477c-4d62-aec3-1905add0a9e2-duplicate-pagehigh · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Duplicate Page Plugins <= (Various Versions) - SQL Injection

Apr 25, 2020 Patched in 3.4 (1368d)

WF-8ed9a5df-90d0-4abe-be1c-49c50a6b48b3-duplicate-pagehigh · 7.4Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Duplicate Page <= 3.3 - SQL Injection

Mar 22, 2019 Patched in 3.4 (1768d)

Code Analysis

Analyzed Mar 16, 2026

Duplicate Page Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

27 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

93% escaped29 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

dt_duplicate_post_as_draft (duplicatepage.php:107)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Duplicate Page Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_mk_dp_close_dp_helpduplicatepage.php:44

WordPress Hooks 11

actionadmin_menuduplicatepage.php:28

filterplugin_action_linksduplicatepage.php:29

actionadmin_action_dt_duplicate_post_as_draftduplicatepage.php:30

filterpost_row_actionsduplicatepage.php:32

filterpage_row_actionsduplicatepage.php:33

actionadmin_headduplicatepage.php:35

actionadmin_headduplicatepage.php:37

actionpost_submitbox_misc_actionsduplicatepage.php:38

actionpost_submitbox_misc_actionsduplicatepage.php:40

actionwp_before_admin_bar_renderduplicatepage.php:42

actioninitduplicatepage.php:43

Maintenance & Trust

Duplicate Page Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 16, 2025

PHP min version

Downloads35.8M

Community Trust

Rating96/100

Number of ratings442

Active installs3.0M

Alternatives

Duplicate Page Alternatives

Duplicate Page and Post

duplicate-wp-page-post

Duplicate post, Duplicate page and Duplicate custom post or clone page and clone post.

80K 1 unpatched

Just Duplicate

just-duplicate

100

Easily duplicate WordPress pages, posts, custom post types, and WooCommerce products with one click.

10 No CVEs

CodingBunny Easy Duplicate Post

coding-bunny-easy-duplicate-post

100

Clone WordPress page, post and custom post types.

0 No CVEs

Duplicate Post

copy-delete-posts

Duplicate post

300K 2 CVEs

WP Post Page Clone

wp-post-page-clone

Clone Post or Page with it's contents and settings in just one click.

80K 2 CVEs

Developer Profile

Duplicate Page Developer Profile

mndpsingh287

7 plugins · 4.1M total installs

trust score

Avg Security Score

83/100

Avg Patch Time

1115 days

View full developer profile

Detection Fingerprints

How We Detect Duplicate Page

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/duplicate-page/css/dp-style.css/wp-content/plugins/duplicate-page/js/dp-script.js

Script Paths

/wp-content/plugins/duplicate-page/js/dp-script.js

Version Parameters

duplicate-page/css/dp-style.css?ver=duplicate-page/js/dp-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

dt-duplicate-page

Data Attributes

data-duplicate-nonce

JS Globals

mk_dp_close_dp_help

FAQ