CVEs-PoC/2023/CVE-2023-4792.md

### [CVE-2023-4792](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4792)
![](https://img.shields.io/static/v1?label=Product&message=Duplicate%20Post%20Page%20Menu%20%26%20Custom%20Post%20Type&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=*%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brightgreen)

### Description

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes it possible for authenticated attackers with subscriber access or higher to duplicate posts and pages.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/20142995/nuclei-templates