What the vulnerability does
01Description
Missing Authorization vulnerability in solwininfotech Trash Duplicate and 301 Redirect trash-duplicate-and-301-redirect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trash Duplicate and 301 Redirect: from n/a through <= 1.9.1.
Explanation of Vulnerability in Simple Terms
02Summary
The Trash Duplicate and 301 Redirect plugin for WordPress does not properly check user permissions before allowing certain actions. An unauthenticated attacker can trigger a denial-of-service condition by making repeated requests to the site. Update to a version newer than 1.9.1.
What an attacker can do
03Attacker Capabilities
Make the site temporarily unavailable or unresponsive by sending repeated requests.
Potential impact on your site
04Site Impact
Your site may become slow or unavailable during an attack; legitimate visitors may experience service interruptions.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
December 31, 2025
CVE published
April 28, 2026
Record updated