WooCommerce Easy Duplicate Product < 0.3.0.8 – Missing Authorization via wedp_duplicate_product_action | CVE 2023-51523 | Plugin Vulnerabilities

Description

The WooCommerce Easy Duplicate Product plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wedp_duplicate_product_action() function hooked via AJAX in versions up to, and including, 0.3.0.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to duplicate products.

Affects Plugins

woo-easy-duplicate-product

Fixed in 0.3.0.8

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/02d11be0-2e2e-4c76-8a8e-f3f637b99809

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Abdi Pranata

Verified

No

WPVDB ID

fcfc86dc-e891-474e-8231-3b6a1d55951e

Timeline

Publicly Published

2023-12-27 (about 2 years ago)

Added

2024-01-04 (about 2 years ago)

Last Updated

2024-01-22 (about 2 years ago)

Other

Published

Title

Published

2024-09-24

Title

WP Free SSL – Free SSL Certificate for WordPress and force HTTPS <= 1.2.6 - Missing Authorization

Published

2025-10-04

Title

IgnitionDeck <= 2.0.10 - Missing Authorization

Published

2026-02-03

Title

SEO Flow by LupsOnline < 3.0.0 - Unauthenticated Arbitrary Post/Category Modification

Published

2025-12-31

Title

Featured Image Generator <= 1.3.3 - Missing Authorization

Published

2025-12-15

Title

JetFormBuilder < 3.5.4 - Missing Authorization to Unauthenticated Form Generation