[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUcpUbaua13Szfxdqc7eILYjmexZDIE0ezJmK1Rc8Fno":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":45,"crawl_stats":36,"alternatives":52,"analysis":53,"fingerprints":146},"duplicate-title-checker","Duplicate Title Checker","1.2","ketanajani","https:\u002F\u002Fprofiles.wordpress.org\u002Fketanajani\u002F","\u003Cp>WordPress allows to enter same title for multiple posts. Sometimes we already used a title and we are not aware of that and when we create another post with same name, wordpress by default is not providing alert that this title is already used.\u003Cbr \u002F>\nThe benefit of default functionality is that wordpress allows multiple posts with same title and automatically generate unique URLs for duplicate posts which is very helpful.\u003C\u002Fp>\n\u003Cp>But what if we need that each post should have unique post title and there are huge number of posts already created ?\u003C\u002Fp>\n\u003Cp>In this case this plugin can be used to check that title we are using for new post is unique or not. Right now this plugin is only for post but with minor modification it can be used with custom post types and pages. 
Although this plugin allows to create multiple posts with same title as it just provides alert that the title used is not unique\u003C\u002Fp>\n\u003Cp>If you need any information on plugin and suggestions for how to customize for custom post types or pages than please let us know here \u003Ca href=\"https:\u002F\u002Fwww.webconfines.com\u002Fcontact-us\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.webconfines.com\u002Fcontact-us\u003C\u002Fa>\u003C\u002Fp>\n","This plugin provides alert message for duplicate post title and unique post title when adding new post.",200,16698,96,9,"2019-05-30T10:24:00.000Z","5.2.24","3.0","5.5.9",[4,20,21,22,23],"duplicate-title-checker-wordpress","duplicate-title-seo","prevent-duplicate-title-wordpress","wordpress-check-duplicate-title","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fduplicate-title-checker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fduplicate-title-checker.1.2.zip",63,1,"2025-04-09 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":36,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":36},"CVE-2025-32558","duplicate-title-checker-authenticated-subscriber-sql-injection","Duplicate Title Checker \u003C= 1.2 - Authenticated (Subscriber+) SQL Injection","The Duplicate Title Checker plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  
This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=1.2","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-04-16 20:58:23",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff7d2a830-4b66-4875-98b1-4730c3b6ae4b?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":47,"avg_security_score":48,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},2,230,59,327,50,"2026-04-05T01:55:13.229Z",[],{"attackSurface":54,"codeSignals":81,"taintFlows":92,"riskAssessment":127,"analyzedAt":145},{"hooks":55,"ajaxHandlers":72,"restRoutes":78,"shortcodes":79,"cronEvents":80,"entryPointCount":27,"unprotectedCount":27},[56,62,68],{"type":57,"name":58,"callback":59,"file":60,"line":61},"filter","admin_notices","duplicate_notice","duplicate-title-checker.php",14,{"type":63,"name":64,"callback":65,"priority":66,"file":60,"line":67},"action","admin_enqueue_scripts","duplicate_titles_enqueue_scripts",2000,47,{"type":63,"name":69,"callback":70,"file":60,"line":71},"wp_print_scripts","disable_autosave",94,[73],{"action":74,"nopriv":75,"callback":76,"hasNonce":75,"hasCapCheck":75,"file":60,"line":77},"title_check",false,"duplicate_title_check_callback",49,[],[],[],{"dangerousFunctions":82,"sqlUsage":83,"outputEscaping":86,"fileOperations":84,"externalRequests":84,"nonceChecks":84,"capabilityChecks":84,"bundledLibraries":91},[],{"prepared":27,"raw":84,"locations":85},0,[],{"escaped":27,"rawEcho":27,"locations":87},[88],{"file":60,"line":89,"context":90},87,"raw output",[],[93,111,119],{"entryPoint":94,"graph":95,"unsanitizedCount":27,"severity":110},"duplicate_title_check_callback 
(duplicate-title-checker.php:51)",{"nodes":96,"edges":108},[97,102],{"id":98,"type":99,"label":100,"file":60,"line":101},"n0","source","$_REQUEST",57,{"id":103,"type":104,"label":105,"file":60,"line":106,"wp_function":107},"n1","sink","get_results() [SQLi]",64,"get_results",[109],{"from":98,"to":103,"sanitized":75},"high",{"entryPoint":112,"graph":113,"unsanitizedCount":27,"severity":110},"title_check (duplicate-title-checker.php:53)",{"nodes":114,"edges":117},[115,116],{"id":98,"type":99,"label":100,"file":60,"line":101},{"id":103,"type":104,"label":105,"file":60,"line":106,"wp_function":107},[118],{"from":98,"to":103,"sanitized":75},{"entryPoint":120,"graph":121,"unsanitizedCount":27,"severity":110},"\u003Cduplicate-title-checker> (duplicate-title-checker.php:0)",{"nodes":122,"edges":125},[123,124],{"id":98,"type":99,"label":100,"file":60,"line":101},{"id":103,"type":104,"label":105,"file":60,"line":106,"wp_function":107},[126],{"from":98,"to":103,"sanitized":75},{"summary":128,"deductions":129},"The \"duplicate-title-checker\" v1.2 plugin exhibits a mixed security posture. The code scan counts one prepared SQL statement and no raw queries, but the taint analysis still traces $_REQUEST data (duplicate-title-checker.php:57) into get_results() (line 64) without sanitization, so that count does not show that the request value is actually bound as a parameter. The attack surface is a significant concern: the single AJAX handler, title_check, has neither a nonce check nor a capability check. The scan records it as not registered for unauthenticated (nopriv) requests, so it is reachable by any logged-in user, which matches the subscriber-level access cited in the CVE. The taint analysis reports three high-severity unsanitized flows; all three describe the same source and sink under different entry-point labels. The plugin has no dangerous functions or file operations, makes no external HTTP requests and registers no cron events.\n\nThe vulnerability history consists of a single, recent medium-severity issue, specifically SQL injection. 
The fact that there is one currently unpatched medium CVE, identified as SQL Injection (CVE-2025-32558, CVSS 6.5, affecting versions up to and including 1.2), directly correlates with the risk identified in the taint analysis.  The scan's prepared-statement count is a positive sign only if the request value is passed as a bound parameter; the CVE and the unsanitized paths indicate that sanitization and input validation are still insufficient here. \n\nIn conclusion, the \"duplicate-title-checker\" v1.2 plugin presents a moderate to high risk due to an AJAX endpoint that lacks nonce and capability checks and high-severity unsanitized taint flows, coupled with an unpatched SQL injection vulnerability. No patched version is listed for the CVE, so the missing nonce and capability checks and the unsanitized query input, combined with the unpatched vulnerability, necessitate immediate attention and remediation.",[130,133,136,138,140,142],{"reason":131,"points":132},"Unprotected AJAX handler",10,{"reason":134,"points":135},"High severity unsanitized taint flows",15,{"reason":137,"points":135},"Unpatched medium CVE (SQL Injection)",{"reason":139,"points":132},"Missing nonce checks",{"reason":141,"points":132},"Missing capability checks",{"reason":143,"points":144},"Half of outputs not properly escaped",6,"2026-03-16T20:09:07.318Z",{"wat":147,"direct":156},{"assetPaths":148,"generatorPatterns":151,"scriptPaths":152,"versionParams":153},[149,150],"\u002Fwp-content\u002Fplugins\u002Fduplicate-title-checker\u002Fjs\u002Fduptitles-title-checker-block-editor.js","\u002Fwp-content\u002Fplugins\u002Fduplicate-title-checker\u002Fjs\u002Fduptitles.js",[],[149,150],[154,155],"duplicate-title-checker\u002Fjs\u002Fduptitles-title-checker-block-editor.js?ver=","duplicate-title-checker\u002Fjs\u002Fduptitles.js?ver=",{"cssClasses":157,"htmlComments":159,"htmlAttributes":160,"restEndpoints":161,"jsGlobals":162,"shortcodeOutput":163},[158],"duplicate-message",[],[],[],[],[]]