cleantalk
Vulnerabilities and Security Researches

Duplicate Post, CVE-2026-53738

CVE, Research URL

CVE-2026-53738

Home page URL

Security reports for Duplicate Post

Application

Duplicate Post

Published on
Jun 11, 2026
Research Description
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks.
Affected versions
max 1.5.4.
Status
vulnerable
Previous vulnerability researches
Remove Duplicate Posts (1f5faa66dc6d492718ce5db9c3895b5840416340) , Jun 07, 2024
Remove Duplicate Posts (CVE-2023-29237) , Jun 10, 2024
New vulnerability
Place Order Without Payment for WooCommerce (CVE-2023-33999) , Jun 12, 2026
WPZOOM Portfolio (CVE-2026-49069) , Jun 12, 2026
wpForo Forum (CVE-2026-49767) , Jun 12, 2026
Easy Image Collage (CVE-2026-9019) , Jun 12, 2026
Stop WP Emails Going to Spam (CVE-2023-33999) , Jun 12, 2026