Unauthorized Data Deletion in Trash Duplicate and 301 Redirect Plugin for WordPress
CVE-2024-13468

7.5HIGH

Key Information:

Vendor: Solwininfotech
Status: Trash Duplicate And 301 Redirect
Vendor: CVE Published:; 19 February 2025

Summary

The Trash Duplicate and 301 Redirect plugin for WordPress is susceptible to unauthorized data deletion due to a lack of capability checks in the 'duplicates-action-top' action. This vulnerability allows unauthenticated attackers to delete any posts or pages, posing a significant risk to the integrity of WordPress sites using versions up to and including 1.9.

Affected Version(s)

Trash Duplicate and 301 Redirect * <= 1.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/trash-duplicate-and-301-red...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 19, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

Krzysztof Zając