WP-Safety

Duplicate Page and Post Security & Risk Analysis

wordpress.org/plugins/duplicate-wp-page-post

Duplicate post, Duplicate page and Duplicate custom post or clone page and clone post.

80K active installs v2.9.5 PHP 5.2.4+ WP 3.5+ Updated Sep 23, 2024
clone-pageclone-postduplicate-custom-postsduplicate-pageduplicate-post
63
C · Use Caution
CVEs total4
Unpatched1
Last CVESep 9, 2025
Plugin page Download
Safety Verdict

Is Duplicate Page and Post Safe to Use in 2026?

Use With Caution

Score 63/100

Duplicate Page and Post has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

4 known CVEs 1 unpatched Last CVE: Sep 9, 2025Updated 1yr ago
Risk Assessment

The "duplicate-wp-page-post" plugin v2.9.5 presents a mixed security posture. The static analysis reveals a commendably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and all entry points are protected by authentication checks. The code also demonstrates good practices by utilizing prepared statements for all SQL queries, employing nonce checks, and performing capability checks. However, the vulnerability history is a significant concern, with 4 known CVEs, including one currently unpatched high-severity vulnerability and several past medium-severity SQL injection and XSS issues. This history suggests a pattern of security flaws that require diligent patching, and the presence of an unpatched high-severity vulnerability poses an immediate risk.

Key Concerns

  • Unpatched high severity CVE
  • Multiple past CVEs including SQLi and XSS
  • Some output escaping issues
Vulnerabilities
4

Duplicate Page and Post Security Vulnerabilities

CVEs by Year

1 CVE in 2020
2020
2 CVEs in 2022
2022
1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
3

4 total CVEs

CVE-2025-6189medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Duplicate Page and Post <= 2.9.5 - Authenticated (Contributor+) SQL Injection via meta_key Parameter

Sep 9, 2025Unpatched
CVE-2022-2152medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Duplicate Page and Post <= 2.7 - Authenticated (Admin+) Stored Cross-Site Scripting

Jul 20, 2022 Patched in 2.8 (552d)
WF-e8ac3187-b065-434e-9051-d13330dd3da5-duplicate-wp-page-postmedium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Duplicate Page and Post <= 2.7 - Authenticated (Admin+) Stored Cross-Site Scripting

Jul 20, 2022 Patched in 2.8 (552d)
WF-76044985-477c-4d62-aec3-1905add0a9e2-duplicate-wp-page-posthigh · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Duplicate Page Plugins <= (Various Versions) - SQL Injection

Apr 25, 2020 Patched in 2.5.7 (1368d)
Code Analysis
Analyzed Mar 16, 2026

Duplicate Page and Post Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
3 prepared
Unescaped Output
3
23 escaped
Nonce Checks
2
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared3 total queries

Output Escaping

88% escaped26 total outputs
Attack Surface

Duplicate Page and Post Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 8
actionadmin_menuduplicate-wp-page-post.php:27
filterplugin_action_linksduplicate-wp-page-post.php:28
actionadmin_action_dt_dpp_post_as_draftduplicate-wp-page-post.php:29
filterpost_row_actionsduplicate-wp-page-post.php:30
filterpage_row_actionsduplicate-wp-page-post.php:31
actionadmin_headduplicate-wp-page-post.php:33
actionpost_submitbox_misc_actionsduplicate-wp-page-post.php:35
actionwp_before_admin_bar_renderduplicate-wp-page-post.php:37
Maintenance & Trust

Duplicate Page and Post Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedSep 23, 2024
PHP min version5.2.4
Downloads1.1M

Community Trust

Rating92/100
Number of ratings29
Active installs80K
Alternatives

Duplicate Page and Post Alternatives

WP Post Page Clone

WP Post Page Clone

wp-post-page-clone

A
99

Clone Post or Page with it's contents and settings in just one click.

80K 2 CVEs
WP Duplicate Page

WP Duplicate Page

wp-duplicate-page

A
96

Clone WordPress page, post, custom post types

60K 3 CVEs
Duplicate Page or Post

Duplicate Page or Post

duplicate-page-or-post

A
100

Duplicate Page or Post is an great tool that allow to duplicate pages and posts. Now you can do it in one click.

10K 1 CVE
SM Easy Duplicator

SM Easy Duplicator

sm-easy-duplicator

A
100

Duplicate Posts / Pages & Custom Posts easily in Just single click.

100 No CVEs
Clone Page Or Post Plugin for WordPress

Clone Page Or Post Plugin for WordPress

clone-page-or-post

A
92

Allow you to easily duplicate pages and posts with just one click!

10 No CVEs
Developer Profile

Duplicate Page and Post Developer Profile

Arjun Thakur

3 plugins · 121K total installs

65
trust score
Avg Security Score
80/100
Avg Patch Time
824 days
View full developer profile
Detection Fingerprints

How We Detect Duplicate Page and Post

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/duplicate-wp-page-post/duplicate-wp-page-post.php
Version Parameters
duplicate-wp-page-post/style.css?ver=duplicate-wp-page-post/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
dpp-duplicate-buttonduplicate-post-pageduplicate-page-post-settings
HTML Comments
<!-- IMPORTANT: This file is part of the Duplicate Page and Post plugin. --><!-- Please do not edit this file directly. -->
Data Attributes
data-post-iddata-nonce
JS Globals
dpp_ajax_object
FAQ

Frequently Asked Questions about Duplicate Page and Post