WP-Safety

WP Delete Post Copies Security & Risk Analysis

wordpress.org/plugins/etruel-del-post-copies

Delete duplicate posts by title or content, including attachments, with powerful filters. Supports manual and scheduled cleanups.

200 active installs v6.0.3 PHP + WP 3.1.0+ Updated Nov 12, 2025
deleteduplicated-postsduplicatespostsremove-copies
98
A · Safe
CVEs total2
Unpatched0
Last CVENov 20, 2025
Plugin page Download
Safety Verdict

Is WP Delete Post Copies Safe to Use in 2026?

Generally Safe

Score 98/100

WP Delete Post Copies has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Nov 20, 2025Updated 4mo ago
Risk Assessment

The "etruel-del-post-copies" plugin, version 6.0.3, presents a mixed security posture. While it demonstrates good practices by using prepared statements for all SQL queries and having a high rate of output escaping (81%), there are significant concerns. The plugin exposes 9 AJAX handlers, with a third (3) lacking authentication checks, creating a substantial attack surface for unauthorized actions.

Taint analysis reveals 3 flows with unsanitized paths, although these are not categorized as critical or high severity. The vulnerability history shows 2 previously disclosed medium severity CVEs, both related to Cross-Site Scripting and Missing Authorization. The fact that the last vulnerability was in 2025-11-20, while not yet patched, indicates a potential for ongoing security issues or a delay in addressing past problems, especially considering these were not minor vulnerabilities.

Overall, the plugin has strengths in its database interaction and output handling. However, the unprotected AJAX endpoints are a critical security flaw that could be exploited by attackers. The history of medium-severity vulnerabilities related to authorization and XSS further amplifies these concerns. While there are no currently unpatched CVEs, the past issues and the unauthenticated AJAX endpoints warrant careful consideration.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Medium severity CVE history
  • Missing Authorization vulnerabilities in history
  • Cross-site Scripting vulnerabilities in history
Vulnerabilities
2

WP Delete Post Copies Security Vulnerabilities

CVEs by Year

2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-12066medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Delete Post Copies <= 6.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting

Nov 20, 2025 Patched in 6.0.3 (1d)
CVE-2025-22541medium · 4.3Missing Authorization

WP Delete Post Copies <= 5.5 - Missing Authorization

Jan 7, 2025 Patched in 6.0 (87d)
Code Analysis
Analyzed Mar 16, 2026

WP Delete Post Copies Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
19
79 escaped
Nonce Checks
8
Capability Checks
26
File Operations
3
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

Output Escaping

81% escaped98 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths
wpedpc_copy_campaign (includes\post-types.php:226)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

WP Delete Post Copies Attack Surface

Entry Points9
Unprotected3

AJAX Handlers 9

authwp_ajax_wpedpc_show_logs_campaignincludes\ajax-actions.php:26
authwp_ajax_wpedpc_runincludes\ajax-actions.php:28
authwp_ajax_wpdpc_nowincludes\ajax-actions.php:29
authwp_ajax_wpdpc_logeraseincludes\ajax-actions.php:30
authwp_ajax_wpdpc_showincludes\ajax-actions.php:31
authwp_ajax_wpedpc_delapostincludes\ajax-actions.php:32
authwp_ajax_request_excluded_postsincludes\class-wpedpc-select2.php:19
noprivwp_ajax_request_excluded_postsincludes\class-wpedpc-select2.php:20
authwp_ajax_wpedpc_runincludes\post-types.php:137
WordPress Hooks 67
actionadmin_menuedel-post-copies.php:66
actionwpedpc_func_eventedel-post-copies.php:67
filtercron_schedulesedel-post-copies.php:68
actioninitedel-post-copies.php:69
actioninitedel-post-copies.php:70
filterwpedpc_env_checksedel-post-copies.php:71
actionadmin_headedel-post-copies.php:73
actionadmin_noticesedel-post-copies.php:361
actionadmin_initincludes\admin-actions.php:44
filteradmin_footer_textincludes\admin-footer.php:37
actionwpedpc_show_logs_campaignincludes\ajax-actions.php:27
filterwpedpc_is_campaign_activeincludes\class-wpedpc-campaign.php:32
actionadmin_enqueue_scriptsincludes\class-wpedpc-select2.php:16
actionwpedpc_func_eventincludes\cron-functions.php:68
filtercron_schedulesincludes\cron-functions.php:83
actioninitincludes\cron-functions.php:94
actionadd_meta_boxesincludes\meta-boxes-campaign.php:26
actionadmin_print_styles-post.phpincludes\meta-boxes-campaign.php:27
actionadmin_print_styles-post-new.phpincludes\meta-boxes-campaign.php:28
actionadmin_print_scripts-post.phpincludes\meta-boxes-campaign.php:29
actionadmin_print_scripts-post-new.phpincludes\meta-boxes-campaign.php:30
actiontransition_post_statusincludes\meta-boxes-campaign.php:31
filterwpedpc_clean_campaign_fieldsincludes\meta-boxes-campaign.php:32
actionsave_postincludes\meta-boxes-campaign.php:33
actionwpedpc_meta_box_actions_optionsincludes\meta-boxes-campaign.php:34
actionwpedpc_meta_box_settings_fieldsincludes\meta-boxes-campaign.php:35
actionwpedpc_meta_box_settings_fieldsincludes\meta-boxes-campaign.php:36
actionwpedpc_meta_box_settings_fieldsincludes\meta-boxes-campaign.php:37
actionwpedpc_meta_box_settings_fieldsincludes\meta-boxes-campaign.php:38
actionwpedpc_meta_box_duplicated_fieldsincludes\meta-boxes-campaign.php:39
actionwpedpc_meta_box_duplicated_fieldsincludes\meta-boxes-campaign.php:40
actionwpedpc_meta_box_included_fieldsincludes\meta-boxes-campaign.php:41
actionwpedpc_meta_box_included_fieldsincludes\meta-boxes-campaign.php:42
actionwpedpc_meta_box_included_fieldsincludes\meta-boxes-campaign.php:43
actionwpedpc_meta_box_categoriesincludes\meta-boxes-campaign.php:44
actionwpedpc_meta_box_categoriesincludes\meta-boxes-campaign.php:45
actionadmin_headincludes\meta-boxes-campaign.php:63
actionadmin_headincludes\meta-boxes-campaign.php:75
actionadmin_initincludes\notices.php:15
actionadmin_noticesincludes\notices.php:39
filterplugin_action_linksincludes\plugins.php:31
filterplugin_row_metaincludes\plugins.php:61
actioninitincludes\post-types.php:25
filterenter_title_hereincludes\post-types.php:26
filterpost_updated_messagesincludes\post-types.php:27
filterbulk_post_updated_messagesincludes\post-types.php:28
actionadmin_initincludes\post-types.php:29
actionadmin_action_wpedpc_toggle_campaignincludes\post-types.php:139
actionadmin_action_wpedpc_reset_campaignincludes\post-types.php:140
filterpost_row_actionsincludes\post-types.php:143
filterdisable_months_dropdownincludes\post-types.php:144
actionadmin_print_styles-edit.phpincludes\post-types.php:145
actionadmin_print_scripts-edit.phpincludes\post-types.php:146
actionadmin_headincludes\post-types.php:157
filterwpedpc_run_campaignincludes\run-campaign.php:13
filterwpedpc_parseImagesincludes\run-campaign.php:14
filterwpedpc_getRelativeUrlincludes\run-campaign.php:15
filterwpedpc_getReadUrlincludes\run-campaign.php:16
filterwpedpc_get_domainincludes\run-campaign.php:17
actionload-download_page_edd-settingsincludes\settings\contextual-help.php:101
filterwpedpc_clean_settingsincludes\settings\display-settings.php:213
actionwpedpc_settings_tab_licensesincludes\settings\licenses-settings.php:34
actionwpedpc_settings_tab_settingsincludes\settings\wpedpc_settings.php:18
actionwpedpc_save_settingsincludes\settings\wpedpc_settings.php:150
actionadmin_noticesincludes\settings\wpedpc_settings.php:166
filterwpedpc_clean_settingsincludes\settings\wpedpc_settings.php:190
actionadmin_initincludes\settings\wpedpc_settings.php:238

Scheduled Events 2

wpedpc_func_event
wpedpc_func_event
Maintenance & Trust

WP Delete Post Copies Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 12, 2025
PHP min version
Downloads29K

Community Trust

Rating76/100
Number of ratings6
Active installs200
Alternatives

WP Delete Post Copies Alternatives

Delete Duplicate Posts

Delete Duplicate Posts

delete-duplicate-posts

A
99

Get rid of duplicate posts and pages (any post type) on your blog with manual or automatic modes.

20K 2 CVEs
WOLF – WordPress Posts Bulk Editor and Manager Professional

WOLF – WordPress Posts Bulk Editor and Manager Professional

bulk-editor

A
97

WOLF (formerly WPBE) - a WordPress plugin for managing posts, pages, and custom types easily. Perfect for real estate, cars, etc.

4K 12 CVEs
Delete Posts automatically

Delete Posts automatically

delete-old-posts-programmatically

A
100

The Delete Posts Automatically plugin keeps your website clean by programmatically deleting posts using a wide range of powerful filters.

1K No CVEs
Post Lockdown

Post Lockdown

post-lockdown

A
99

Allows admins to protect selected posts and pages so they cannot be trashed or deleted by non-admin users.

1K 1 CVE
Trash Duplicate and 301 Redirect

Trash Duplicate and 301 Redirect

trash-duplicate-and-301-redirect

B
73

Find and delete duplicates posts, pages, custom post type posts and set 301 redirect to the new or old URL.

1K 1 unpatched
Developer Profile

WP Delete Post Copies Developer Profile

etruel

11 plugins · 13K total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
116 days
View full developer profile
Detection Fingerprints

How We Detect WP Delete Post Copies

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/etruel-del-post-copies/assets/css/select2.min.css/wp-content/plugins/etruel-del-post-copies/assets/js/select2.min.js/wp-content/plugins/etruel-del-post-copies/assets/js/wpedpc-admin.js/wp-content/plugins/etruel-del-post-copies/assets/js/wpedpc-frontend.js
Script Paths
/wp-content/plugins/etruel-del-post-copies/assets/js/select2.min.js/wp-content/plugins/etruel-del-post-copies/assets/js/wpedpc-admin.js/wp-content/plugins/etruel-del-post-copies/assets/js/wpedpc-frontend.js
Version Parameters
etruel-del-post-copies/assets/css/select2.min.css?ver=etruel-del-post-copies/assets/js/select2.min.js?ver=etruel-del-post-copies/assets/js/wpedpc-admin.js?ver=etruel-del-post-copies/assets/js/wpedpc-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpedpcampaignwpedpc_campaign_settings
Data Attributes
data-wpedpc-campaign-id
JS Globals
wpedpc_campaigns_data
FAQ

Frequently Asked Questions about WP Delete Post Copies