Does DupZap have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is DupZap compatible with WordPress 6.8.5?

According to WordPress.org data, DupZap 1.0.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is DupZap compatible with PHP 7.4+?

DupZap requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is DupZap updated?

DupZap was last updated on Jul 29, 2025. Frequent updates are generally a positive security signal.

What is DupZap's security score?

DupZap has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

DupZap Security & Risk Analysis

wordpress.org/plugins/dupzap

Clone posts, pages, and custom post types with one click. Lightweight and intuitive!

10 active installs v1.0.0 PHP 7.4+ WP 6.2+ Updated Jul 29, 2025

clonecopyduplicatepagesposts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is DupZap Safe to Use in 2026?

Generally Safe

Score 100/100

DupZap has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago

Risk Assessment

The "dupzap" v1.0.0 plugin exhibits a generally strong security posture based on the provided static analysis. It demonstrates excellent practices by ensuring all SQL queries use prepared statements and all output is properly escaped. The absence of file operations and external HTTP requests further reduces its attack surface. The presence of nonce and capability checks in the code, along with no recorded vulnerabilities in its history, suggests a developer who is conscious of security best practices.

However, a notable concern arises from the presence of one unprotected AJAX handler. This represents a direct entry point into the plugin's functionality that an attacker could potentially exploit without requiring any authentication. While no specific vulnerabilities are identified in the taint analysis or known CVEs, this unprotected endpoint remains a potential weakness. The plugin's limited attack surface and good adherence to other security measures are positive, but this single unprotected entry point warrants attention.

In conclusion, "dupzap" v1.0.0 is a plugin with a good foundation for security, characterized by secure coding practices in data handling and output. The primary weakness lies in an unprotected AJAX endpoint, which is a direct risk. The clean vulnerability history is a positive indicator, but it does not negate the risk posed by the identified unprotected entry point. Addressing this specific issue would significantly bolster the plugin's overall security.

Key Concerns

Unprotected AJAX handler

Vulnerabilities

None known

DupZap Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

DupZap Release Timeline

v1.0.0Current

Code Analysis

Analyzed Mar 17, 2026

DupZap Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

9 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped9 total outputs

Attack Surface

1 unprotected

DupZap Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 2

authwp_ajax_dupzap_duplicatedupzap.php:40

authwp_ajax_dupzap_duplicateincludes\class-dupzap-core.php:6

WordPress Hooks 7

actionplugins_loadeddupzap.php:38

filterpost_row_actionsincludes\class-dupzap-admin.php:4

filterpage_row_actionsincludes\class-dupzap-admin.php:5

actionadd_meta_boxesincludes\class-dupzap-admin.php:6

actionadmin_enqueue_scriptsincludes\class-dupzap-admin.php:7

actionadmin_noticesincludes\class-dupzap-admin.php:8

actionadmin_action_dupzap_duplicateincludes\class-dupzap-core.php:5

Maintenance & Trust

DupZap Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 29, 2025

PHP min version7.4

Downloads280

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

DupZap Alternatives

Clone Posts

clone-posts

100

Easily clone (duplicate) Posts, Pages and Custom Post Types, including their custom fields (post_meta)

10K No CVEs

Labinator Content Types Duplicator

labinator-content-types-duplicator

Duplicate posts, pages, widgets, menus, and any content types with one click. Copy or clone your content without limitations. It is 100% free!

200 1 unpatched

Duplicate Post

copy-delete-posts

Duplicate post

300K 2 CVEs

Duplicate Post – duplicate pages, copy content, clone posts

duplicate-post-rb

100

Duplicate Post RB makes it easy to duplicate posts, pages and custom post types. Create duplicate posts, clone content, automate duplication

3K No CVEs

Quick Copy – Duplicate Posts & Pages

duplicator-post-page

100

Easily duplicate any post or page, including all metadata and taxonomies, with just one click.

1K No CVEs

Developer Profile

DupZap Developer Profile

TAKAHIRO

6 plugins · 70 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect DupZap

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/dupzap/js/dupzap-admin.js

Script Paths

/wp-content/plugins/dupzap/js/dupzap-admin.js

Version Parameters

dupzap-admin=1.0.0

HTML / DOM Fingerprints

CSS Classes

dupzap-clone-button

Data Attributes

data-post-id

JS Globals

dupzap

FAQ