WP-Safety

Melopo Duplicate Cleaner Security & Risk Analysis

wordpress.org/plugins/melopo-duplicate-cleaner

Find and delete duplicate posts, pages and custom post types. Includes full CPT support, 301 redirects and scheduled scans.

0 active installs v1.0.0 PHP 7.4+ WP 5.8+ Updated Mar 19, 2026
bulk-deletedatabase-cleanupduplicatespagesposts
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Melopo Duplicate Cleaner Safe to Use in 2026?

Generally Safe

Score 100/100

Melopo Duplicate Cleaner has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The Melopo Duplicate Cleaner plugin v1.0.0 demonstrates several positive security practices, including the exclusive use of prepared statements for all SQL queries and proper output escaping for all identified outputs. The absence of file operations and external HTTP requests further reduces potential attack vectors. The plugin also correctly implements nonce checks for its AJAX handlers and capability checks for its database interactions. Furthermore, the lack of any recorded vulnerabilities in its history suggests a generally stable and secure codebase.

However, a significant concern arises from the plugin's attack surface. Out of a total of 7 AJAX handlers, 5 lack authentication checks. This presents a substantial risk, as unauthenticated users could potentially trigger these handlers, leading to unintended actions or information disclosure depending on their functionality. While taint analysis shows no critical or high severity issues, the potential for exploiting unauthenticated AJAX endpoints remains a pressing concern. The presence of the Freemius v1.0 bundled library also warrants attention, as outdated bundled libraries can introduce security vulnerabilities if not maintained.

In conclusion, while Melopo Duplicate Cleaner exhibits good practices in its core coding (SQL, output, etc.) and has a clean vulnerability history, the lack of authentication on a majority of its AJAX endpoints is a critical security flaw that significantly lowers its overall security posture. Addressing these unauthenticated AJAX handlers should be the top priority.

Key Concerns

  • Unprotected AJAX handlers
  • Bundled outdated library (Freemius v1.0)
Vulnerabilities
None known

Melopo Duplicate Cleaner Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Melopo Duplicate Cleaner Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Melopo Duplicate Cleaner Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
13 prepared
Unescaped Output
0
484 escaped
Nonce Checks
5
Capability Checks
13
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared13 total queries

Output Escaping

100% escaped484 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

4 flows
<page-logs> (admin/views/page-logs.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

Melopo Duplicate Cleaner Attack Surface

Entry Points7
Unprotected5

AJAX Handlers 7

authwp_ajax_ddpp_scanincludes/class-ddpp-bulk-actions.php:38
authwp_ajax_ddpp_bulk_trashincludes/class-ddpp-bulk-actions.php:39
authwp_ajax_ddpp_bulk_draftincludes/class-ddpp-bulk-actions.php:40
authwp_ajax_ddpp_bulk_whitelistincludes/class-ddpp-bulk-actions.php:41
authwp_ajax_ddpp_bulk_deleteincludes/class-ddpp-bulk-actions.php:42
authwp_ajax_ddpp_preview_postincludes/class-ddpp-bulk-actions.php:43
authwp_ajax_ddpp_whitelist_toggleincludes/class-ddpp-bulk-actions.php:44
WordPress Hooks 8
actionadmin_menuincludes/class-ddpp-admin.php:38
actionadmin_enqueue_scriptsincludes/class-ddpp-admin.php:39
actionadmin_post_ddpp_save_settingsincludes/class-ddpp-admin.php:40
actionadmin_post_ddpp_clear_whitelistincludes/class-ddpp-admin.php:41
actionadmin_post_ddpp_remove_whitelist_itemsincludes/class-ddpp-admin.php:42
actionadmin_post_ddpp_clear_logsincludes/class-ddpp-admin.php:43
actionafter_uninstallincludes/class-ddpp-freemius.php:69
actionplugins_loadedmelopo-duplicate-cleaner.php:127
Maintenance & Trust

Melopo Duplicate Cleaner Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 19, 2026
PHP min version7.4
Downloads170

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Melopo Duplicate Cleaner Alternatives

Smart Bulk Delete & Content Cleaner for WordPress

Smart Bulk Delete & Content Cleaner for WordPress

smart-bulk-content-remover

A
100

Safely bulk delete posts, pages, media, and comments with flexible filters and a clean interface.

80 No CVEs
Bulk Trash by URL

Bulk Trash by URL

bulk-trash-by-url

A
100

Bulk‑trash posts, pages and custom post types from pasted URLs. Fast URL mapping, batched processing with pause/resume, and an optional summary.

20 No CVEs
Duplicate Post

Duplicate Post

copy-delete-posts

A
99

Duplicate post

300K 2 CVEs
Display Posts – Easy lists, grids, navigation, and more

Display Posts – Easy lists, grids, navigation, and more

display-posts-shortcode

A
92

Add a listing of content on your website using a simple shortcode. Filter the results by category, author, and more.

80K No CVEs
CMS Tree Page View

CMS Tree Page View

cms-tree-page-view

B
84

Adds a tree view of all pages & custom posts. Get a great overview + options to drag & drop to reorder & option to add multiple pages.

50K 3 CVEs
Developer Profile

Melopo Duplicate Cleaner Developer Profile

Luis Peel

4 plugins · 1K total installs

93
trust score
Avg Security Score
98/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Melopo Duplicate Cleaner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/melopo-duplicate-cleaner/assets/css/admin.css/wp-content/plugins/melopo-duplicate-cleaner/assets/js/admin.js/wp-content/plugins/melopo-duplicate-cleaner/assets/js/bulk-actions.js/wp-content/plugins/melopo-duplicate-cleaner/assets/js/core.js/wp-content/plugins/melopo-duplicate-cleaner/assets/js/logs.js/wp-content/plugins/melopo-duplicate-cleaner/assets/js/scheduler.js/wp-content/plugins/melopo-duplicate-cleaner/assets/js/settings.js/wp-content/plugins/melopo-duplicate-cleaner/assets/js/whitelist.js
Script Paths
/wp-content/plugins/melopo-duplicate-cleaner/assets/css/admin.css/wp-content/plugins/melopo-duplicate-cleaner/assets/js/admin.js/wp-content/plugins/melopo-duplicate-cleaner/assets/js/bulk-actions.js/wp-content/plugins/melopo-duplicate-cleaner/assets/js/core.js/wp-content/plugins/melopo-duplicate-cleaner/assets/js/logs.js/wp-content/plugins/melopo-duplicate-cleaner/assets/js/scheduler.js+2 more
Version Parameters
melopo-duplicate-cleaner/assets/css/admin.css?ver=melopo-duplicate-cleaner/assets/js/admin.js?ver=melopo-duplicate-cleaner/assets/js/bulk-actions.js?ver=melopo-duplicate-cleaner/assets/js/core.js?ver=melopo-duplicate-cleaner/assets/js/logs.js?ver=melopo-duplicate-cleaner/assets/js/scheduler.js?ver=melopo-duplicate-cleaner/assets/js/settings.js?ver=melopo-duplicate-cleaner/assets/js/whitelist.js?ver=

HTML / DOM Fingerprints

CSS Classes
ddpp-bulk-action-submitddpp-buttonddpp-descriptionddpp-form-rowddpp-main-navddpp-nav-linkddpp-noticeddpp-pagination+16 more
HTML Comments
<!-- This is a premium-only feature and cannot be enabled in the free version. --><!-- This is a Pro-only feature. --><!-- This plugin is currently in debug mode. -->
Data Attributes
data-ddpp-actiondata-ddpp-bulk-actiondata-ddpp-delete-iddata-ddpp-log-iddata-ddpp-post-iddata-ddpp-post-type+19 more
JS Globals
ddpp_admin_paramsddpp_ajax_urlddpp_current_urlddpp_i18nddpp_nonceddpp_options+2 more
REST Endpoints
/wp-json/melopo-duplicate-cleaner/v1/scan/wp-json/melopo-duplicate-cleaner/v1/settings/wp-json/melopo-duplicate-cleaner/v1/whitelist
FAQ

Frequently Asked Questions about Melopo Duplicate Cleaner