Does Duplicate Title Checker have any unpatched vulnerabilities?

Yes — Duplicate Title Checker currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Duplicate Title Checker compatible with WordPress 5.2.24?

According to WordPress.org data, Duplicate Title Checker 1.2 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is Duplicate Title Checker compatible with PHP 5.5.9+?

Duplicate Title Checker requires PHP 5.5.9 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Duplicate Title Checker updated?

Duplicate Title Checker was last updated on May 30, 2019. Frequent updates are generally a positive security signal.

What is Duplicate Title Checker's security score?

Duplicate Title Checker has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Duplicate Title Checker Security & Risk Analysis

wordpress.org/plugins/duplicate-title-checker

This plugin provides alert message for duplicate post title and unique post title when adding new post.

200 active installs v1.2 PHP 5.5.9+ WP 3.0+ Updated May 30, 2019

duplicate-title-checkerduplicate-title-checker-wordpressduplicate-title-seoprevent-duplicate-title-wordpresswordpress-check-duplicate-title

C · Use Caution

CVEs total1

Unpatched1

Last CVEApr 9, 2025

Plugin page Download

Safety Verdict

Is Duplicate Title Checker Safe to Use in 2026?

Use With Caution

Score 63/100

Duplicate Title Checker has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Apr 9, 2025Updated 6yr ago

Risk Assessment

The "duplicate-title-checker" v1.2 plugin exhibits a mixed security posture. While it demonstrates good practices in its handling of SQL queries by exclusively using prepared statements, its attack surface is a significant concern. The presence of a single AJAX handler without any authentication checks creates a direct entry point for potential attackers. This is further exacerbated by the taint analysis, which reveals three flows with unsanitized paths, all classified as high severity. Although the plugin has no dangerous functions or file operations, and correctly handles external HTTP requests and cron events, the lack of proper capability checks and nonce verification on its AJAX endpoint is a critical oversight.

The vulnerability history, despite its recent date, highlights a pattern of medium-severity issues, specifically SQL injection. The fact that there is one currently unpatched medium CVE, identified as SQL Injection, directly correlates with the potential risks identified in the taint analysis. The plugin's reliance on prepared statements for SQL queries is a positive step, but the vulnerability history suggests that sanitization and input validation might still be insufficient in certain contexts, especially given the identified unsanitized paths.

In conclusion, the "duplicate-title-checker" v1.2 plugin presents a moderate to high risk due to its unprotected AJAX endpoint and high-severity unsanitized taint flows, coupled with a history of SQL injection vulnerabilities. While the use of prepared statements is commendable, the lack of authentication and validation on critical entry points, combined with unpatched vulnerabilities, necessitates immediate attention and remediation.

Key Concerns

Unprotected AJAX handler
High severity unsanitized taint flows
Unpatched medium CVE (SQL Injection)
Missing nonce checks
Missing capability checks
Half of outputs not properly escaped

Vulnerabilities

Duplicate Title Checker Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-32558medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Duplicate Title Checker <= 1.2 - Authenticated (Subscriber+) SQL Injection

Apr 9, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Duplicate Title Checker Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

50% escaped2 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

duplicate_title_check_callback (duplicate-title-checker.php:51)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Duplicate Title Checker Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_title_checkduplicate-title-checker.php:49

WordPress Hooks 3

filteradmin_noticesduplicate-title-checker.php:14

actionadmin_enqueue_scriptsduplicate-title-checker.php:47

actionwp_print_scriptsduplicate-title-checker.php:94

Maintenance & Trust

Duplicate Title Checker Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedMay 30, 2019

PHP min version5.5.9

Downloads17K

Community Trust

Rating96/100

Number of ratings9

Active installs200

Alternatives

Duplicate Title Checker Alternatives

No alternatives data available yet.

Developer Profile

Duplicate Title Checker Developer Profile

ketanajani

2 plugins · 230 total installs

trust score

Avg Security Score

59/100

Avg Patch Time

327 days

View full developer profile

Detection Fingerprints

How We Detect Duplicate Title Checker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/duplicate-title-checker/js/duptitles-title-checker-block-editor.js/wp-content/plugins/duplicate-title-checker/js/duptitles.js

Script Paths