MultiSite Clone Duplicator Security & Risk Analysis
wordpress.org/plugins/multisite-clone-duplicatorClones an existing site into a new one in a multisite installation : copies all posts, settings and files
Is MultiSite Clone Duplicator Safe to Use in 2026?
Use With Caution
Score 63/100MultiSite Clone Duplicator has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The multisite-clone-duplicator plugin v1.5.3 presents a mixed security profile. On the positive side, it demonstrates good practices by implementing nonce checks and capability checks for its entry points. The absence of file operations and external HTTP requests also reduces the attack surface. Furthermore, all SQL queries are secured using prepared statements, which is a significant strength. However, a notable concern is the low percentage of properly escaped output (33%). This suggests a potential for Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history of a medium-severity XSS CVE.
The vulnerability history indicates a pattern of past security weaknesses, specifically in improper input neutralization leading to XSS. The fact that one medium-severity CVE remains unpatched is a significant risk. While the static analysis didn't reveal critical taint flows or unsanitized paths, the unpatched XSS vulnerability combined with the low output escaping rate warrants careful attention. The plugin has a small attack surface with only one AJAX handler, and it is protected, which is good. However, the unpatched vulnerability is the most pressing issue, overshadowing the otherwise decent code security practices.
Key Concerns
- Unpatched medium severity CVE
- Low percentage of properly escaped output
MultiSite Clone Duplicator Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
MultiSite Clone Duplicator <= 1.5.3 - Reflected Cross-Site Scripting
MultiSite Clone Duplicator Release Timeline
MultiSite Clone Duplicator Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
MultiSite Clone Duplicator Attack Surface
AJAX Handlers 1
WordPress Hooks 7
Maintenance & Trust
MultiSite Clone Duplicator Maintenance & Trust
Maintenance Signals
Community Trust
MultiSite Clone Duplicator Alternatives
WP Quick Post Duplicator
wp-quick-post-duplicator
Copy or Duplicate any post types, including pages, taxonomies & custom fields with a single click.
WP Widget Clipboard – Duplicate widgets intuitively
wp-widget-clipboard
Duplicate multiple widgets by drag & drop.
Yoast Duplicate Post
duplicate-post
The go-to tool for cloning posts and pages, including the powerful Rewrite & Republish feature.
Duplicate Menu
duplicate-menu
Easily duplicate your WordPress menus with one click.
Fast Page & Post Duplicator
page-or-post-clone
Make a copy of posts and pages with just one click.
MultiSite Clone Duplicator Developer Profile
4 plugins · 6K total installs
How We Detect MultiSite Clone Duplicator
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/multisite-clone-duplicator/css/admin.css/wp-content/plugins/multisite-clone-duplicator/js/select2.min.js/wp-content/plugins/multisite-clone-duplicator/js/mucd-admin.js/wp-content/plugins/multisite-clone-duplicator/js/select2.min.js/wp-content/plugins/multisite-clone-duplicator/js/mucd-admin.jsmultisite-clone-duplicator/css/admin.css?ver=multisite-clone-duplicator/js/select2.min.js?ver=multisite-clone-duplicator/js/mucd-admin.js?ver=HTML / DOM Fingerprints
mucd-notice-errormucd-notice-successmucd-button-duplicatemucd-disabledselect2-containerselect2-container--defaultselect2-container--belowselect2-container--opendata-mucd-actiondata-mucd-confirmmucd_ajaxurlmucd_site_listmucd_source_site