{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-24652", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-01-23T14:51:41.777Z", "datePublished": "2025-01-24T17:24:38.393Z", "dateUpdated": "2026-04-28T16:11:31.280Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "local-sync", "product": "WP Duplicate", "vendor": "revmakx", "versions": [{"changes": [{"at": "1.1.7", "status": "unaffected"}], "lessThanOrEqual": "1.1.6", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mika | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:34:30.724Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in revmakx WP Duplicate local-sync allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WP Duplicate: from n/a through <= 1.1.6.</p>"}], "value": "Missing Authorization vulnerability in revmakx WP Duplicate local-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Duplicate: from n/a through <= 1.1.6."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:11:31.280Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/local-sync/vulnerability/wordpress-wp-duplicate-plugin-1-1-6-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress WP Duplicate plugin <= 1.1.6 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-24T18:46:52.524966Z", "id": "CVE-2025-24652", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-24T18:58:41.502Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24652", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-24T18:46:52.524966Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-24T18:46:53.796Z"}}], "cna": {"title": "WordPress WP Duplicate plugin <= 1.1.6 - Broken Access Control vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mika (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Revmakx", "product": "WP Duplicate \u2013 WordPress Migration Plugin", "versions": [{"status": "affected", "changes": [{"at": "1.1.7", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.1.6"}], "packageName": "local-sync", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress WP Duplicate \u2013 WordPress Migration Plugin wordpress plugin to the latest available version (at least 1.1.7).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress WP Duplicate \u2013 WordPress Migration Plugin wordpress plugin to the latest available version (at least 1.1.7).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/local-sync/vulnerability/wordpress-wp-duplicate-plugin-1-1-6-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Revmakx WP Duplicate \u2013 WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Duplicate \u2013 WordPress Migration Plugin: from n/a through 1.1.6.", "supportingMedia": [{"type": "text/html", "value": "<p>Missing Authorization vulnerability in Revmakx WP Duplicate \u2013 WordPress Migration Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.</p><p>This issue affects WP Duplicate \u2013 WordPress Migration Plugin: from n/a through 1.1.6.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-01-24T17:24:38.393Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24652", "state": "PUBLISHED", "dateUpdated": "2025-01-24T18:58:41.502Z", "dateReserved": "2025-01-23T14:51:41.777Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-01-24T17:24:38.393Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in revmakx WP Duplicate local-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Duplicate: from n/a through <= 1.1.6."}, {"lang": "es", "value": "La vulnerabilidad de falta de autorizaci\u00f3n en el complemento Revmakx WP Duplicate \u2013 WordPress Migration permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al complemento WP Duplicate \u2013 WordPress Migration Plugin: desde n/a hasta 1.1.6."}], "id": "CVE-2025-24652", "lastModified": "2026-04-23T15:25:13.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-01-24T18:15:39.517", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/local-sync/vulnerability/wordpress-wp-duplicate-plugin-1-1-6-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"created": "2026-05-02T05:30:26.177869+00:00", "updated": "2026-05-02T05:30:26.177880+00:00", "vendors": []}