CVE-2026-53739
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
The Yoast Duplicate Post plugin up to version 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which does not verify nonce or capabilities. Attackers can trick any authenticated user into sending a request that sets the duplicate_post_show_notice site option, suppressing admin notices network-wide.
Risk Assessment
This vulnerability may lead to the ignoring of important admin notices, which can impact the security and management of the site. It allows attackers to manipulate site settings by tricking users.
Recommendation
It is recommended to update the Yoast Duplicate Post plugin to the latest version to mitigate this vulnerability. Additionally, implementing extra security measures, such as nonce verification in request handling, is advisable.
Original NVD description (English source)
Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate_post_show_notice site option, suppressing admin notices network-wide.

