Easy Post Duplicator Security & Risk Analysis

wordpress.org/plugins/easy-post-duplicator

The plugin duplicates posts and pages all at once based on the post type, post status and even the year the posts were created.

80 active installs · v1.0.1 · PHP + WP 3.0+ · Updated Jun 15, 2017
Tags: duplicate, duplicate-custom-post, duplicate-pages, duplicate-posts, wordpress
Score 42 · D · High Risk
CVEs total: 2
Unpatched: 2
Last CVE: Apr 9, 2025
Safety Verdict

Is Easy Post Duplicator Safe to Use in 2026?

High Risk

Score 42/100

Easy Post Duplicator carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs · 2 unpatched · Last CVE: Apr 9, 2025 · Updated 8yr ago

Risk Assessment

The "easy-post-duplicator" v1.0.1 plugin presents a mixed security profile. While the static analysis indicates a seemingly small attack surface with no apparent unprotected AJAX handlers, REST API routes, shortcodes, or cron events, and all identified outputs are properly escaped, there are concerning signals. Specifically, the presence of unsanitized paths in taint analysis suggests potential vulnerabilities related to how input is handled, which could be exploited if an attacker can influence these paths. The vulnerability history is a significant red flag, with two known medium-severity vulnerabilities: Cross-site Scripting (XSS) and SQL Injection. The fact that both of these remain unpatched is a critical concern. The history of these vulnerability types indicates a recurring pattern of improper input sanitization, which is a fundamental security weakness.

Key Concerns

  • Unpatched CVEs (2)
  • Taint analysis: unsanitized paths
  • SQL queries: 50% not using prepared statements
  • No nonce checks

Vulnerabilities (2)

Easy Post Duplicator Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-32538 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Easy Post Duplicator <= 1.0.1 - Reflected Cross-Site Scripting

Apr 9, 2025 · Unpatched

CVE-2025-32567 · medium · 6.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Easy Post Duplicator <= 1.0.1 - Authenticated (Subscriber+) SQL Injection

Apr 9, 2025 · Unpatched

Code Analysis
Analyzed Mar 16, 2026

Easy Post Duplicator Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (1 prepared)
Unescaped Output: 0 (0 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

50% prepared · 2 total queries

Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
dev_post_duplicate_func (index.php:12)

Attack Surface

Easy Post Duplicator Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 1
action · admin_action_dev_post_duplicate_func · index.php:74

Maintenance & Trust

Easy Post Duplicator Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.8.28
Last updated: Jun 15, 2017
PHP min version
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 80

Developer Profile

Easy Post Duplicator Developer Profile

dev02ali

3 plugins · 100 total installs

Trust score: 74
Avg Security Score: 71/100
Avg Patch Time: 30 days

Detection Fingerprints

How We Detect Easy Post Duplicator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
