The Duplicate Post plugin for WordPress, which was used up until version 1.4.1, had a security vulnerability that could be exploited with Cross-Site Request Forgery. This is because the plugin did not have proper validation on the ‘cdp_action_handling’ AJAX action. This meant that if an attacker could convince an administrator to click on a link, they could change the plugin settings, duplicate posts, and use other features that should only be available to authorized users.