CVE-2024-12472

Name of the Vulnerable Software and Affected Versions Post Duplicator plugin for WordPress version 2.36 and earlier

Description The issue is related to Information Exposure due to insufficient restrictions on which posts can be duplicated, making it possible for authenticated attackers with Contributor-level access and above to extract data from password protected, private, or draft posts by duplicating the post. This is achieved via the mtphr duplicate post() function.

Recommendations For Post Duplicator plugin for WordPress version 2.36 and earlier, update to a version later than 2.36 to resolve the issue. As a temporary workaround, consider restricting access to the mtphr duplicate post() function to minimize the risk of exploitation. Additionally, restrict the ability to duplicate posts to only trusted users to prevent unauthorized data exposure.