Yoast Duplicate Post

duplicate-post

WordPress Plugin Directory

wordpress.org

yoast.com

Releases45

Frequency4 months 4 weeks

Last Release about 1 month ago

Downloads39.7M

This plugin allows users to clone posts of any type, or copy them to new drafts for further editing.

How it works:

In ‘Edit Posts’/’Edit Pages’, you can click on ‘Clone’ link below the post/page title: this will immediately create a copy and return to the list.
In ‘Edit Posts’/’Edit Pages’, you can select one or more items, then choose ‘Clone’ in the ‘Bulk Actions’ dropdown to copy them all at once.
In ‘Edit Posts’/’Edit Pages’, you can click on ‘New Draft’ link below the post/page title.
On the post edit screen, you can click on ‘Copy to a new draft’ above “Cancel”/”Move to trash” or in the admin bar.
While viewing a post as a logged in user, you can click on ‘Copy to a new draft’ in the admin bar.

3, 4 and 5 will lead to the edit page for the new draft: change what you want, click on ‘Publish’ and you’re done.

There is also a template tag, so you can put it in your templates and clone your posts/pages from the front-end. Clicking on the link will lead you to the edit page for the new draft, just like the admin bar link.

Duplicate Post has many useful settings to customize its behavior and restrict its use to certain roles or post types. Check out the extensive documentation on yoast.com and our developer docs.

Contribute

If you find this useful and if you want to contribute, there are two ways:

Submit your bug reports, suggestions and requests for features on GitHub;
If you want to translate it to your language (there are just a few lines of text), you can use the translation project;

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-53739 ↗	Jun 10, 2026Wednesday, 10 June 2026, 22:17	4.3 MEDIUM	—
Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate_post_show_notice site option, suppressing admin notices network-wide.
CVE-2026-53740 ↗	Jun 10, 2026Wednesday, 10 June 2026, 22:17	5.4 MEDIUM	—
Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice.
CVE-2019-25314 ↗	Feb 11, 2026Wednesday, 11 February 2026, 15:16	5.5 MEDIUM	—
Yoast Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields to execute arbitrary JavaScript in admin interfaces.