cleantalk
Vulnerabilities and Security Researches

Duplicate Post, CVE-2026-53738

CVE, Research URL

CVE-2026-53738

Home page URL

Security reports for Duplicate Post

Application

Duplicate Post

Published on
Jun 11, 2026
Research Description
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks.
Affected versions
max 1.5.4.
Status
vulnerable
Previous vulnerability researches
Duplicate Page and Post (CVE-2025-31466) , Apr 02, 2025
Duplicate Page and Post (CVE-2025-31471) , Apr 02, 2025
New vulnerability
Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery (CVE-2023-33999) , Jun 12, 2026
Form Vibes – Database Manager for Forms (CVE-2023-33999) , Jun 12, 2026
FormsCRM (CVE-2023-33999) , Jun 12, 2026
Place Order Without Payment for WooCommerce (CVE-2023-33999) , Jun 12, 2026
WPZOOM Portfolio (CVE-2026-49069) , Jun 12, 2026