CVE Catalog

CVE-2026-53739

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

3th percentile - higher than 3% of all known CVEs

Summary

The Yoast Duplicate Post plugin up to version 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which does not verify nonce or capabilities. Attackers can trick any authenticated user into sending a request that sets the duplicate_post_show_notice site option, suppressing admin notices network-wide.

Risk Assessment

This vulnerability may lead to the ignoring of important admin notices, which can impact the security and management of the site. It allows attackers to manipulate site settings by tricking users.

Recommendation

It is recommended to update the Yoast Duplicate Post plugin to the latest version to mitigate this vulnerability. Additionally, implementing extra security measures, such as nonce verification in request handling, is advisable.

Original NVD description (English source)

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate_post_show_notice site option, suppressing admin notices network-wide.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS