Vulnerabilities

CVE-2025-14001 - WP Duplicate Page <= 1.8 - missing authorization to authenticated (contributor+)

2026-01-13 0 views admin

CVE ID : CVE-2025-14001 Published : Jan. 13, 2026, 12:15 p.m. | 27 minutes ago Description : The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate arbitrary posts, pages, and WooCommerce HPOS orders even when their role is explicitly excluded from the plugin's

CVE Details

CVE ID

CVE-2025-14001

Published

Jan. 13, 2026

Affected Product: WordPress

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-14001wordpress

CVE-2025-14001 - WP Duplicate Page <= 1.8 - missing authorization to authenticated (contributor+)

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-28400 - Docker Model Runner Unauthenticated Runtime Flag Injection via _configure Endpoint

CVE-2026-28288 - Dify has a user enumeration issue

CVE-2026-28272 - Kiteworks Email Protection Gateway has a Cross-site Scripting vulnerability

CVE-2026-28271 - Kiteworks Core is vulnerable to Server-Side Request Forgery (SSRF)

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting