Yoast Duplicate Post Missing Authorization Vulnerability in WordPress

Vulnerability

A vulnerability exists in the Yoast Duplicate Post plugin for WordPress, all versions up to and including 4.5, allowing unauthorized data modification. The issue arises from missing capability checks in the clone_bulk_action_handler() and republish_request() functions: neither verifies that the current user is allowed to edit the post it is about to act on. As a result, authenticated attackers with Contributor-level access or higher can duplicate any post, including private, draft, and trashed ones. Furthermore, attackers with Author-level access and above can use the Rewrite & Republish feature to overwrite any published post with their own content.
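The pattern described above, shown as an added illustration that is not the Yoast Duplicate Post plugin's code: a bulk-action handler and a republish handler that act on request-supplied post IDs without a per-post capability check, beside the hardened form using WordPress's own current_user_can() meta capabilities. Hook names, the example_ function names, the _example_original_id meta key and the request shape are assumptions made for this example.

```php
<?php
/**
 * Illustrative example only, not code from the Yoast Duplicate Post plugin.
 * Models the bug class in the advisory (handlers that trust post IDs from
 * the request and never check capabilities) and the per-post check that
 * closes it. All example_* names, the hook names used and the meta key
 * '_example_original_id' are assumptions for this example.
 */

// Copies a post into a new draft owned by the current user (real WP APIs).
function example_clone_post( $post_id ) {
    $post = get_post( $post_id, ARRAY_A );
    unset( $post['ID'], $post['guid'] );
    $post['post_status'] = 'draft';
    $post['post_author'] = get_current_user_id();
    return wp_insert_post( wp_slash( $post ), true );
}

// Overwrites the original post's title and content with the copy's.
function example_overwrite_post( $original_id, $copy_id ) {
    $copy = get_post( $copy_id );
    return wp_update_post( array(
        'ID'           => $original_id,
        'post_title'   => $copy->post_title,
        'post_content' => $copy->post_content,
    ), true );
}

// VULNERABLE shape: any user who can reach the posts list can submit the
// bulk action with arbitrary IDs; private, draft and trashed posts by other
// users are copied into drafts the attacker owns and can read.
function example_vulnerable_clone_bulk_action( $redirect_to, $action, $post_ids ) {
    if ( 'example_clone' !== $action ) {
        return $redirect_to;
    }
    foreach ( $post_ids as $post_id ) {
        example_clone_post( (int) $post_id );
    }
    return add_query_arg( 'example_cloned', count( $post_ids ), $redirect_to );
}

// HARDENED shape: check the 'edit_post' meta capability for each target.
// map_meta_cap() resolves it against the post's author and status, so a
// Contributor fails on posts they do not own and an Author fails on other
// users' published posts (those require edit_others_posts).
function example_hardened_clone_bulk_action( $redirect_to, $action, $post_ids ) {
    if ( 'example_clone' !== $action ) {
        return $redirect_to;
    }
    $cloned = 0;
    foreach ( $post_ids as $post_id ) {
        $post_id = (int) $post_id;
        if ( ! get_post( $post_id ) || ! current_user_can( 'edit_post', $post_id ) ) {
            continue; // skip posts the caller may not edit
        }
        example_clone_post( $post_id );
        $cloned++;
    }
    return add_query_arg( 'example_cloned', $cloned, $redirect_to );
}
add_filter( 'handle_bulk_actions-edit-post', 'example_hardened_clone_bulk_action', 10, 3 );

// HARDENED republish handler: verify a nonce, then require edit rights on
// the ORIGINAL (published) post being overwritten, not only on the rewrite
// copy the caller created and therefore owns.
function example_hardened_republish_request() {
    $copy_id = isset( $_GET['post'] ) ? (int) $_GET['post'] : 0;
    check_admin_referer( 'example_republish_' . $copy_id );

    $original_id = (int) get_post_meta( $copy_id, '_example_original_id', true );
    if ( ! $copy_id || ! $original_id || ! get_post( $original_id ) ) {
        wp_die( 'Missing post.', '', array( 'response' => 400 ) );
    }
    if ( ! current_user_can( 'edit_post', $copy_id )
        || ! current_user_can( 'edit_post', $original_id ) ) {
        wp_die( 'You are not allowed to republish this post.', '', array( 'response' => 403 ) );
    }
    example_overwrite_post( $original_id, $copy_id );
    wp_safe_redirect( get_edit_post_link( $original_id, 'raw' ) );
    exit;
}
add_action( 'admin_action_example_republish', 'example_hardened_republish_request' );
```

The check that matters is the one on the original post in the republish path: an Author always passes 'edit_post' on a copy they authored, so checking only the copy would leave the overwrite reachable. Checking the per-object meta capability rather than a role name also keeps custom roles and per-post overrides working.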

Impact

Exploitation of this vulnerability allows unauthorized duplication of posts and overwriting of published content. A Contributor can obtain a copy of posts whose status (private, draft, or trashed) would normally keep them out of reach, and an Author can replace the content of any published post, including posts by other users, bypassing the editorial controls that post statuses and ownership are meant to enforce.

Reproduction

To reproduce this vulnerability, an authenticated user with Contributor-level access or higher submits the plugin's bulk duplicate action from the posts list with the IDs of posts they do not own. Because the handler performs no capability check on the selected posts, private, draft, and trashed posts belonging to other users are duplicated. Additionally, a user with Author-level access or higher runs the Rewrite & Republish flow against a published post by another user; the republish step is not checked against the target post, so the published post is overwritten with the attacker's content.

Remediation

Users are advised to update the Yoast Duplicate Post plugin to version 4.6 or later.

Added: Mar 18, 2026, 10:23 AM
Updated: Mar 18, 2026, 10:23 AM

Vulnerability Rating

Custom Algorithm
spread: 7.6
impact: 2.5
exploitability: 6.4
remediation: 7.7
relevance: 4.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.