While looking into the details of a reflected cross-site scripting (XSS) vulnerability in the plugin Duplicate Page we noticed that there was no protection against cross-site request forgery (CSRF) when using the plugin’s functionality, duplicating a post or page.

As of version 2.3 the URLs for the duplication looks like this:


If there was protection against CSRF there

Powered by WPeMatico