Post Cloner Security & Risk Analysis
wordpress.org/plugins/post-clonerPost cloner allows you to easily make complete duplicates of any post on your site. That includes posts, pages and custom post types.
Is Post Cloner Safe to Use in 2026?
Use With Caution
Score 63/100Post Cloner has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The 'post-cloner' plugin version 1.0.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries, includes a nonce check, and a capability check. Furthermore, the static analysis shows a remarkably small attack surface with no detected AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication.
However, significant concerns arise from the presence of the `unserialize` function, which is a known vector for remote code execution if used with untrusted input. The taint analysis indicates one flow with an unsanitized path, although it's not classified as critical or high severity. Coupled with this, the plugin has a history of known vulnerabilities, with one medium severity issue currently unpatched. The fact that the last vulnerability was so recent (December 2025) suggests a pattern of security weaknesses that may not be fully addressed by the development team.
In conclusion, while the plugin's minimal attack surface and use of prepared statements are strengths, the presence of `unserialize`, an unsanitized taint flow, and an unpatched vulnerability present notable risks. The potential for misuse of `unserialize` combined with the historical vulnerability record warrants careful consideration and immediate attention to the unpatched CVE.
Key Concerns
- Unpatched CVE (medium severity)
- Dangerous function: unserialize
- Flows with unsanitized paths
- Low output escaping (17%)
- Bundled outdated library: Select2 v3.5.4
Post Cloner Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Post Cloner <= 1.0.0 - Missing Authorization
Post Cloner Code Analysis
Dangerous Functions Found
Bundled Libraries
Output Escaping
Data Flow Analysis
Post Cloner Attack Surface
WordPress Hooks 5
Maintenance & Trust
Post Cloner Maintenance & Trust
Maintenance Signals
Community Trust
Post Cloner Alternatives
Clone Posts
clone-posts
Easily clone (duplicate) Posts, Pages and Custom Post Types, including their custom fields (post_meta)
Labinator Content Types Duplicator
labinator-content-types-duplicator
Duplicate posts, pages, widgets, menus, and any content types with one click. Copy or clone your content without limitations. It is 100% free!
DupZap
dupzap
Clone posts, pages, and custom post types with one click. Lightweight and intuitive!
Yoast Duplicate Post
duplicate-post
The go-to tool for cloning posts and pages, including the powerful Rewrite & Republish feature.
Duplicate Post
copy-delete-posts
Duplicate post
Post Cloner Developer Profile
15 plugins · 136K total installs
How We Detect Post Cloner
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/post-cloner/style.css/wp-content/plugins/post-cloner/js/post-cloner.js/wp-content/plugins/post-cloner/js/post-cloner.jspost-cloner/style.css?ver=post-cloner/js/post-cloner.js?ver=HTML / DOM Fingerprints
name="cloneable_post_types"id="select_cloneable_post_types"