Medium severity4.3NVD Advisory· Published Mar 24, 2025· Updated Apr 23, 2026No known patch

CVE-2025-30543

No known patch is available for this vulnerability.

The affected plugin has been removed from the WordPress.org directory (reason: Security Issue), and no patched version is being distributed through the official directory. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.

CVE-2025-30543

Description

Missing authorization in Menu Duplicator WordPress plugin (copy-menu) allows unauthorized access to menu duplication functionality.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing authorization in Menu Duplicator WordPress plugin (copy-menu) allows unauthorized access to menu duplication functionality.

Vulnerability

The Menu Duplicator WordPress plugin (copy-menu) versions up to 1.0 contain a missing authorization vulnerability. The plugin fails to properly enforce access control checks, allowing exploitation of incorrectly configured access control security levels. The plugin has been closed and removed from the WordPress.org plugin directory as of March 11, 2025 due to a security issue [1].

Exploitation

An attacker with network access to the WordPress site can exploit the missing authorization to perform menu duplication operations without proper authentication or privileges. The exact exploitation steps are not disclosed in the available references, but the vulnerability is classified as missing authorization, indicating that the plugin does not verify user capabilities before executing sensitive actions.

Impact

Successful exploitation allows an attacker to duplicate menus without authorization, potentially leading to unauthorized modifications to site navigation. The impact is limited to menu duplication functionality, but could be combined with other vulnerabilities for further compromise. The CVSS score of 4.3 (Medium) reflects the moderate severity.

Mitigation

No patched version is available. The plugin has been closed and removed from the WordPress.org plugin directory as of March 11, 2025 [1]. Users who have the plugin installed should uninstall it immediately. No workaround is known. Since the plugin is no longer maintained, migration to an alternative menu management solution is recommended.

References

[CLOSED] Menu Duplicator

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WordPress/Copy Menuinferred
Range: <=1.0
Package: https://wordpress.org/plugins/copy-menu
swayam.tejwani/Menu Duplicatorllm-create
Range: <=1.0

Patches

Plugin removedMenu Duplicatorcopy-menu

This plugin has been removed from the WordPress.org directory on 2025-03-11 (reason: Security Issue). No patched version is being distributed through the official directory. Users who have it installed should uninstall it.

Source: api.wordpress.org · directory page

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

patchstack.com/database/Wordpress/Plugin/copy-menu/vulnerability/wordpress-menu-duplicator-plugin-1-0-broken-access-control-vulnerabilitynvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000