Does Fix Duplicates have any unpatched vulnerabilities?

No. All known vulnerabilities in Fix Duplicates have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Fix Duplicates compatible with WordPress 4.6.30?

According to WordPress.org data, Fix Duplicates 1.0.4 has been tested up to WordPress 4.6.30. Check the plugin's changelog for the latest compatibility information.

How often is Fix Duplicates updated?

Fix Duplicates was last updated on Nov 28, 2017. Frequent updates are generally a positive security signal.

What is Fix Duplicates's security score?

Fix Duplicates has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Fix Duplicates Security & Risk Analysis

wordpress.org/plugins/fix-duplicates

Do you run a site with user submitted content? Do users submit the same post again and again? Use the Fix Duplicates plugin to find and delete duplica …

900 active installs v1.0.4 PHP + WP 3.5+ Updated Nov 28, 2017

duplicate-postsduplicatesfind-duplicatesfix-duplicatesuser-submitted-posts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Fix Duplicates Safe to Use in 2026?

Generally Safe

Score 85/100

Fix Duplicates has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The 'fix-duplicates' plugin v1.0.4 exhibits a generally good security posture, primarily due to its diligent use of prepared statements for all SQL queries and the absence of known vulnerabilities. The static analysis reveals a limited attack surface with only two AJAX handlers, and importantly, zero unprotected entry points. This suggests developers have considered basic security measures. However, a significant concern lies in the output escaping, where only 60% of outputs are properly escaped. This could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is rendered directly without sufficient sanitization. Furthermore, the taint analysis shows four flows with unsanitized paths, although they did not reach a critical or high severity level. This warrants careful review to ensure these paths don't become exploitable with minor modifications or in conjunction with other factors. The plugin's clean vulnerability history is a positive sign, indicating a commitment to security or a lack of past exploitation, but the identified code signals still present potential risks.

Key Concerns

Output escaping is only 60% proper
Taint analysis shows 4 unsanitized paths

Vulnerabilities

None known

Fix Duplicates Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Fix Duplicates Code Analysis

Dangerous Functions

Raw SQL Queries

7 prepared

Unescaped Output

75 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared7 total queries

Output Escaping

60% escaped126 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths

fix_duplicates_admin_main (fix-duplicates-admin.php:69)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Fix Duplicates Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_duplicate_entry_applyfix-duplicates-admin.php:577

authwp_ajax_duplicate_trash_individualfix-duplicates-admin.php:593

WordPress Hooks 5

actionadmin_menufix-duplicates-admin.php:11

filterplugin_action_linksfix-duplicates-admin.php:27

actionadmin_enqueue_scriptsfix-duplicates-admin.php:44

actionadmin_headfix-duplicates-admin.php:64

actioninitfix-duplicates.php:50

Maintenance & Trust

Fix Duplicates Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30

Last updatedNov 28, 2017

PHP min version

Downloads52K

Community Trust

Rating86/100

Number of ratings12

Active installs900

Alternatives

Fix Duplicates Alternatives

Trash Duplicate and 301 Redirect

trash-duplicate-and-301-redirect

Find and delete duplicates posts, pages, custom post type posts and set 301 redirect to the new or old URL.

1K 1 unpatched

Delete Duplicate Posts

delete-duplicate-posts

Get rid of duplicate posts and pages (any post type) on your blog with manual or automatic modes.

20K 2 CVEs

Duplicate Post

copy-delete-posts

Duplicate post

300K 2 CVEs

Clone Posts

clone-posts

100

Easily clone (duplicate) Posts, Pages and Custom Post Types, including their custom fields (post_meta)

10K No CVEs

Duplica – Duplicate Posts, Pages, Custom Posts or Users

duplica

Duplicate posts, pages or custom posts with a single click.

2K 1 CVE

Developer Profile

Fix Duplicates Developer Profile

Stephen Cronin

3 plugins · 8K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Fix Duplicates

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/fix-duplicates/images/fix-duplicates-icon-16.png

Script Paths

/wp-content/plugins/fix-duplicates/includes/fix-duplicates.js

Version Parameters

fix-duplicates/includes/fix-duplicates.css?ver=fix-duplicates/includes/fix-duplicates.js?ver=

HTML / DOM Fingerprints

HTML Comments

FAQ