WP Duplicate Page Missing Authorization Vulnerability Allows Sensitive Information Disclosure
Vulnerability
A missing authorization vulnerability has been identified in the WP Duplicate Page plugin for WordPress, affecting all versions through 1.7. The issue arises because the plugin's 'saveSettings' function does not properly verify user authorization. This flaw enables authenticated attackers with Contributor-level access and above to alter plugin settings that manage role capabilities. Exploiting these misconfigured capabilities could allow them to duplicate and access password-protected posts containing sensitive information.
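The class of flaw described above, shown as an added example that is not the plugin's own code: a settings handler that any logged-in user can reach, next to a hardened version. All `example_` names, the `roles` and `nonce` POST fields, and the option name are hypothetical, and the sketch assumes the handler is registered on a `wp_ajax_` hook inside a normal WordPress plugin file.

```php
<?php
// Added illustration; every "example_" identifier is hypothetical.

// VULNERABLE pattern: wp_ajax_* hooks fire for ANY logged-in user, so a
// Contributor can reach this handler and rewrite which roles may duplicate.
add_action('wp_ajax_example_dup_save_vuln', 'example_dup_save_settings_vulnerable');
function example_dup_save_settings_vulnerable() {
    $roles = isset($_POST['roles']) ? (array) wp_unslash($_POST['roles']) : array();
    update_option('example_dup_allowed_roles', $roles); // no capability check, no nonce
    wp_send_json_success();
}

// HARDENED pattern: authorize, verify intent, then validate the input.
add_action('wp_ajax_example_dup_save', 'example_dup_save_settings');
function example_dup_save_settings() {
    // 1. Authorization: only users who may manage site options.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(array('message' => 'Forbidden'), 403); // terminates
    }
    // 2. CSRF protection: nonce created with wp_create_nonce('example_dup_save').
    check_ajax_referer('example_dup_save', 'nonce'); // dies on failure

    // 3. Validation: keep only string values that name a registered role.
    $submitted = isset($_POST['roles']) ? (array) wp_unslash($_POST['roles']) : array();
    $submitted = array_map('sanitize_key', array_filter($submitted, 'is_string'));
    $roles     = array_values(array_intersect($submitted, array_keys(wp_roles()->roles)));

    update_option('example_dup_allowed_roles', $roles);
    wp_send_json_success(array('roles' => $roles));
}

// Defense in depth at the point of use: a role setting alone should never
// grant access to a post the current user could not otherwise edit.
function example_dup_user_can_duplicate($post_id) {
    $post = get_post($post_id);
    if (!$post) {
        return false;
    }
    $allowed = (array) get_option('example_dup_allowed_roles', array());
    $user    = wp_get_current_user();
    return (bool) array_intersect($allowed, (array) $user->roles)
        && current_user_can('edit_post', $post->ID);
}
```

The per-post `edit_post` check matters because it holds even if the role setting is misconfigured: a Contributor cannot edit posts owned by other users, so duplication of someone else's password-protected post is refused.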
Impact
Exploitation of this vulnerability could lead to unauthorized duplication of posts and access to sensitive information in password-protected content.
Reproduction
To reproduce this vulnerability, an authenticated user with Contributor-level access or higher can modify the settings of the WP Duplicate Page plugin. This can be done by accessing the 'Duplicate Page Settings' menu under the 'Options' menu in the WordPress admin dashboard. Once in the settings page, the user can change options that control role capabilities, such as which user roles are allowed to use the duplication feature. After saving the changes, the user can duplicate posts that are password-protected and contain sensitive information, thereby accessing the confidential content.
Remediation
Users are advised to update the WP Duplicate Page plugin to version 1.8 or later, where this vulnerability has been patched.
