Post Duplicator < 2.32 – Missing Authorization via mtphr_duplicate_post | CVE 2023-49835

Affects Plugins

post-duplicator

Fixed in 2.32

References

CVE

CVE-2023-49835

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/e5665931-8da9-44db-a5b1-46acebf14f3b

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Huynh Tien Si

Verified

No

WPVDB ID

4e1d9089-944f-4d5e-9a04-0cac846b426c

Timeline

Publicly Published

2023-12-05 (about 2 years ago)

Added

2023-12-08 (about 2 years ago)

Last Updated

2023-12-08 (about 2 years ago)

Other

Published

Title

Published

2025-04-01

Title

WebinarPress <= 1.33.27 - Missing Authorization

Published

2025-11-20

Title

ELEX WordPress HelpDesk & Customer Ticketing System < 3.3.2 - Missing Authorization to Authenticated (Subscriber+) Trash Empty

Published

2025-11-03

Title

CE21 Suite 2.2.1 - 2.3.1 - Unauthenticated Privilege Escalation via Plugin Settings Update

Published

2024-10-15

Title

Multiline files upload for contact form 7 < 2.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation

Published

2025-06-27

Title

Dashboard Widget Sidebar <= 1.2.3 - Missing Authorization