Does WP Clone any post type have any unpatched vulnerabilities?

Yes — WP Clone any post type currently has 2 unpatched vulnerabilities. We recommend switching to an alternative or applying any available workarounds.

Is WP Clone any post type compatible with WordPress 6.8.5?

According to WordPress.org data, WP Clone any post type 3.6 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is WP Clone any post type compatible with PHP 7.4+?

WP Clone any post type requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Clone any post type updated?

WP Clone any post type was last updated on Apr 30, 2025. Frequent updates are generally a positive security signal.

What is WP Clone any post type's security score?

WP Clone any post type has a WP-Safety security score of 58/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Clone any post type Security & Risk Analysis

wordpress.org/plugins/wp-clone-any-post-type

Cloning posts, pages and custom post types in WordPress.

400 active installs v3.6 PHP 7.4+ WP 4.0+ Updated Apr 30, 2025

clone-bulk-page-postclone-page-postduplicate-custom-post-typeduplicate-pagesduplicate-post

C · Use Caution

CVEs total2

Unpatched2

Last CVEApr 1, 2025

Plugin page Download

Safety Verdict

Is WP Clone any post type Safe to Use in 2026?

Use With Caution

Score 58/100

WP Clone any post type has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

2 known CVEs 2 unpatched Last CVE: Apr 1, 2025Updated 11mo ago

Risk Assessment

The "wp-clone-any-post-type" v3.6 plugin exhibits a mixed security posture. While it demonstrates good practices in avoiding dangerous functions and SQL injection vulnerabilities by using prepared statements, significant concerns arise from its attack surface. The presence of four AJAX handlers, all of which lack authentication checks, creates a considerable risk of unauthorized access and manipulation of plugin functionalities.

Taint analysis reveals flows with unsanitized paths, although no critical or high-severity issues were flagged in this specific analysis. However, the plugin's vulnerability history is a major red flag. With two known CVEs, both currently unpatched and classified as medium severity, and past vulnerabilities including 'Open Redirect' and 'Missing Authorization,' there's a clear pattern of authorization and input validation weaknesses. The most recent vulnerability from April 2025 further emphasizes the ongoing nature of these security flaws.

In conclusion, while the plugin's internal code hygiene for SQL and dangerous functions is commendable, the lack of authentication on critical entry points and a history of unpatched, authorization-related vulnerabilities make it a high-risk plugin. Users should exercise extreme caution and consider alternatives until these issues are addressed.

Key Concerns

Unprotected AJAX handlers
Unpatched CVEs (2 medium)
Flows with unsanitized paths
Low output escaping percentage

Vulnerabilities

WP Clone any post type Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-31871medium · 5.4URL Redirection to Untrusted Site ('Open Redirect')

WP Clone any post type <= 3.5 - Open Redirect

Apr 1, 2025Unpatched

CVE-2025-31872medium · 5.3Missing Authorization

WP Clone any post type <= 3.6 - Missing Authorization

Apr 1, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

WP Clone any post type Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

14% escaped14 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths

wcapt_any_post_clone_create (trunk\wp-clone-any-post-type.php:248)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

WP Clone any post type Attack Surface

Entry Points4

Unprotected4

AJAX Handlers 4

authwp_ajax_wcapt_waptytrunk\wp-clone-any-post-type.php:32

noprivwp_ajax_wcapt_waptytrunk\wp-clone-any-post-type.php:33

authwp_ajax_wcapt_waptywp-clone-any-post-type.php:32

noprivwp_ajax_wcapt_waptywp-clone-any-post-type.php:33

WordPress Hooks 22

actionadmin_noticestrunk\wp-clone-any-post-type.php:22

actionadmin_menutrunk\wp-clone-any-post-type.php:23

actionadmin_inittrunk\wp-clone-any-post-type.php:24

actionadmin_footer-edit.phptrunk\wp-clone-any-post-type.php:25

actionadmin_noticestrunk\wp-clone-any-post-type.php:26

filterpost_row_actionstrunk\wp-clone-any-post-type.php:27

filterpage_row_actionstrunk\wp-clone-any-post-type.php:28

actionwp_loadedtrunk\wp-clone-any-post-type.php:29

actionload-edit.phptrunk\wp-clone-any-post-type.php:30

actionadmin_enqueue_scriptstrunk\wp-clone-any-post-type.php:31

actionadmin_noticeswp-clone-any-post-type.php:22

actionadmin_menuwp-clone-any-post-type.php:23

actionadmin_initwp-clone-any-post-type.php:24

actionadmin_footer-edit.phpwp-clone-any-post-type.php:25

actionadmin_noticeswp-clone-any-post-type.php:26

filterpost_row_actionswp-clone-any-post-type.php:27

filterpage_row_actionswp-clone-any-post-type.php:28

actionwp_loadedwp-clone-any-post-type.php:29

actionload-edit.phpwp-clone-any-post-type.php:30

actionadmin_enqueue_scriptswp-clone-any-post-type.php:31

filterplugin_row_metawp-clone-any-post-type.php:34

filterplugin_action_linkswp-clone-any-post-type.php:35

Maintenance & Trust

WP Clone any post type Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 30, 2025

PHP min version7.4

Downloads11K

Community Trust

Rating74/100

Number of ratings3

Active installs400

Alternatives

WP Clone any post type Alternatives

Duplicate Post

copy-delete-posts

Duplicate post

300K 2 CVEs

Duplicate Post – duplicate pages, copy content, clone posts

duplicate-post-rb

100

Duplicate Post RB makes it easy to duplicate posts, pages and custom post types. Create duplicate posts, clone content, automate duplication

2K No CVEs

Quick Copy – Duplicate Posts & Pages

duplicator-post-page

100

Easily duplicate any post or page, including all metadata and taxonomies, with just one click.

1K No CVEs

WP Duplicate Posts And Pages

wp-duplicate-posts-and-pages

License: GPLv2 or later Duplicate posts and pages, including custom post types.

100 No CVEs

Easy Post Duplicator

easy-post-duplicator

Plugin duplicates the posts, pages all at once based on the post type,post status and even year of posts created.

80 2 unpatched

Developer Profile

WP Clone any post type Developer Profile

Galaxy Weblinks

40 plugins · 25K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

310 days

View full developer profile

Detection Fingerprints

How We Detect WP Clone any post type

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-clone-any-post-type/includes/css/wp-clone-any-post-type-style.css/wp-content/plugins/wp-clone-any-post-type/includes/js/wp-clone-any-post-type-main.js

Script Paths

/wp-content/plugins/wp-clone-any-post-type/includes/js/wp-clone-any-post-type-main.js

Version Parameters

wp-clone-any-post-type/includes/css/wp-clone-any-post-type-style.css?ver=wp-clone-any-post-type/includes/js/wp-clone-any-post-type-main.js?ver=

HTML / DOM Fingerprints

Data Attributes

wp_any_posts_clone_noticewcapt_clone_post_types

JS Globals

wpclone_ajax_object

FAQ