CVE-2026-53739

Publié : 10 juin 2026

Modifié : 10 juin 2026

Score CVSS

4.3

MEDIUM

Description détaillée

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate_post_show_notice site option, suppressing admin notices network-wide.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Références et Patchs

https://wordpress.org/plugins/duplicate-post/https://www.vulncheck.com/advisories/yoast-duplicate-post-through-cross-site-request-forgery-via-duplicate-post-dismiss-notice

Dernières Vulnérabilités

CVE-2026-2827

The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum_location_notification' parameter in versions up to, and including, 1.4.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

VOIR DÉTAILS

CVE-2026-53465

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has been patched in version 7.1.2-25.

VOIR DÉTAILS

CVE-2026-53464

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid options to the wand option parser a small memory leak will occur. This issue has been patched in version 7.1.2-25.

VOIR DÉTAILS