PT-2024-37302 · WordPress · Duplica – Duplicate Posts

Lucio Sá · Published 2024-07-18 · Updated 2025-12-20 · CVE-2024-5997

CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: The Duplica – Duplicate Posts, Pages, Custom Posts or Users plugin for WordPress versions up to, and including, 0.6
Description: The issue allows authenticated attackers with Subscriber-level access and above to create duplicates of users and posts/pages due to a missing capability check on the duplicate user and duplicate post functions. This enables unauthorized modification of data.
Recommendations: For versions up to, and including, 0.6, consider disabling the duplicate user and duplicate post functions until a patch is available to prevent unauthorized data modification. Restrict access to these functions to minimize the risk of exploitation.

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-5997

Affected Products: Duplica – Duplicate Posts