cleantalk
Vulnerabilities and Security Researches

Yoast Duplicate Post, CVE-2026-53740

CVE, Research URL

CVE-2026-53740

Home page URL

Security reports for Yoast Duplicate Post

Application

Yoast Duplicate Post

Published on
Jun 11, 2026
Research Description
Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice.
Affected versions
max 4.6.
Status
vulnerable
Previous vulnerability researches
Duplicate Page and Post (CVE-2025-31466) , Apr 02, 2025
Duplicate Page and Post (CVE-2025-31471) , Apr 02, 2025
Remove Duplicate Posts (1f5faa66dc6d492718ce5db9c3895b5840416340) , Jun 07, 2024
Remove Duplicate Posts (CVE-2023-29237) , Jun 10, 2024
Delete Duplicate Posts (CVE-2023-47754) , Jun 07, 2024
New vulnerability
Store Locator WordPress (CVE-2026-9060) , Jun 11, 2026
Woody code snippets – Insert Header Footer Code, AdSense Ads (CVE-2017-20251) , Jun 11, 2026
Custom Blocks Constructor – Lazy Blocks (CVE-2026-8981) , Jun 11, 2026
jQuery Hover Footnotes (CVE-2026-10738) , Jun 11, 2026
jQuery Hover Footnotes (CVE-2026-10553) , Jun 11, 2026