CVE-2025-13404 | atec Duplicate Page & Post Plugin up to 1.2.20 on WordPress duplicate_post authorization

November 25, 2025 Yanac

A vulnerability described as critical has been identified in atec Duplicate Page & Post Plugin up to 1.2.20 on WordPress. Affected is the function duplicate_post. Such manipulation leads to missing authorization.

This vulnerability is traded as CVE-2025-13404. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More

CVE-2025-13382 | Frontend File Manager Plugin up to 23.4 on WordPress REST API Endpoint /wpfm/v1/file-rename fileid resource injection
CVE-2025-13386 | Social Images Widget Plugin up to 2.1 on WordPress options_update authorization