Unauthorized Data Deletion in Trash Duplicate and 301 Redirect Plugin for WordPress
CVE-2024-13468
7.5HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 19 February 2025
What is CVE-2024-13468?
The Trash Duplicate and 301 Redirect plugin for WordPress is susceptible to unauthorized data deletion due to a lack of capability checks in the 'duplicates-action-top' action. This vulnerability allows unauthenticated attackers to delete any posts or pages, posing a significant risk to the integrity of WordPress sites using versions up to and including 1.9.
Affected Version(s)
Trash Duplicate and 301 Redirect * <= 1.9