cleantalk
Vulnerabilities and Security Researches

Duplicate Post, CVE-2026-53738

CVE, Research URL

CVE-2026-53738

Home page URL

Security reports for Duplicate Post

Application

Duplicate Post

Published on
Jun 11, 2026
Research Description
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks.
Affected versions
max 1.5.4.
Status
vulnerable
Previous vulnerability researches
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2026-25385) , Feb 26, 2026
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2024-13362) , May 02, 2026
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2025-32134) , Apr 06, 2025
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2023-5605) , Jun 07, 2024
URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress (CVE-2021-24749) , Jun 07, 2024
New vulnerability
Form Vibes – Database Manager for Forms (CVE-2023-33999) , Jun 12, 2026
FormsCRM (CVE-2023-33999) , Jun 12, 2026
Place Order Without Payment for WooCommerce (CVE-2023-33999) , Jun 12, 2026
WPZOOM Portfolio (CVE-2026-49069) , Jun 12, 2026
wpForo Forum (CVE-2026-49767) , Jun 12, 2026