cleantalk
Vulnerabilities and Security Researches

Duplicate Post, CVE-2026-53738

CVE, Research URL

CVE-2026-53738

Home page URL

Security reports for Duplicate Post

Application

Duplicate Post

Published on
Jun 11, 2026
Research Description
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks.
Affected versions
max 1.5.4.
Status
vulnerable
Previous vulnerability researches
Duplicate Post (CVE-2021-43408) , Jun 07, 2024
Duplicate Post (CVE-2023-0958) , Jun 07, 2024
Duplicate Post (CVE-2023-3977) , Jun 07, 2024
Duplicate Post (CVE-2024-31435) , Jun 07, 2024
Duplicate Post (CVE-2023-38514) , Mar 20, 2025
New vulnerability
The Ultimate Video Player For WordPress – by Presto Player (CVE-2026-9125) , Jun 12, 2026
Extra Fees Plugin for WooCommerce (CVE-2023-33999) , Jun 12, 2026
Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery (CVE-2023-33999) , Jun 12, 2026
Form Vibes – Database Manager for Forms (CVE-2023-33999) , Jun 12, 2026
FormsCRM (CVE-2023-33999) , Jun 12, 2026