CVE-2026-53739
Published
CVSS v3: 4.3 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
Yoast Duplicate Post through 4.6 contains a cross-site request forgery (CSRF) vulnerability in the duplicate_post_dismiss_notice handler, which performs neither a nonce check nor a capability check. An attacker can trick any authenticated user into sending a request that sets the duplicate_post_show_notice site option, suppressing admin notices network-wide.
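The pattern described above, shown beside a hardened form, as an added example that is not the plugin's own code. The `example_` function names, the `example_dismiss_notice` action and nonce name, the stored value `0`, and the choice of capability are assumptions; only the option name comes from the advisory.

```php
<?php
// Added illustration, not code from Yoast Duplicate Post.
// Everything prefixed example_ is hypothetical; the option name is the
// one named in the advisory. The stored value 0 is an assumption.

// Pattern the advisory describes: a state-changing AJAX handler with no
// nonce check and no capability check. Defined here for comparison only
// and deliberately not registered.
function example_dismiss_notice_unchecked() {
	// Any request that carries a logged-in user's cookies reaches this
	// line, including one triggered from a third-party page.
	wp_send_json( update_site_option( 'duplicate_post_show_notice', 0 ) );
}

// Hardened form: verify intent (nonce) and authority (capability)
// before touching the option.
function example_dismiss_notice_checked() {
	// 1. Nonce: tied to the user, session and action, so another origin
	//    cannot supply a valid value. With $stop = false the function
	//    returns false on failure, which lets us send a JSON error.
	if ( ! check_ajax_referer( 'example_dismiss_notice', 'nonce', false ) ) {
		wp_send_json_error( 'invalid_nonce', 403 ); // ends the request
	}

	// 2. Capability: a site option applies to the whole network, so
	//    require a network-level capability on multisite (assumed
	//    policy; pick the capability that matches who may dismiss).
	$cap = is_multisite() ? 'manage_network_options' : 'manage_options';
	if ( ! current_user_can( $cap ) ) {
		wp_send_json_error( 'forbidden', 403 ); // ends the request
	}

	update_site_option( 'duplicate_post_show_notice', 0 );
	wp_send_json_success();
}

// Register only for logged-in users (no wp_ajax_nopriv_ hook).
add_action( 'wp_ajax_example_dismiss_notice', 'example_dismiss_notice_checked' );

// Value to embed in the notice markup or localized script data so the
// legitimate dismiss request can send it back as the 'nonce' field.
function example_dismiss_notice_nonce() {
	return wp_create_nonce( 'example_dismiss_notice' );
}
```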
<p>This plugin allows users to clone posts of any type, or copy them to new drafts for further editing.</p>
<p>How it works:</p>
<ol>
<li>
<p>In ‘Edit Posts’/‘Edit Pages’, you can click on the ‘Clone’ link below the post/page title: this will immediately create a copy and return to the list.</p>
</li>
<li>
<p>In ‘Edit Posts’/‘Edit Pages’, you can select one or more items, then choose ‘Clone’ in the ‘Bulk Actions’ dropdown to copy them all at once.</p>
</li>
<li>
<p>In ‘Edit Posts’/‘Edit Pages’, you can click on the ‘New Draft’ link below the post/page title.</p>
</li>
<li>
<p>On the post edit screen, you can click on ‘Copy to a new draft’ above “Cancel”/“Move to trash” or in the admin bar.</p>
</li>
<li>
<p>While viewing a post as a logged-in user, you can click on ‘Copy to a new draft’ in the admin bar.</p>
</li>
</ol>
<p>3, 4 and 5 will lead to the edit page for the new draft: change what you want, click on ‘Publish’ and you’re done.</p>
<p>There is also a <strong>template tag</strong>, so you can put it in your templates and clone your posts/pages from the front-end. Clicking on the link will lead you to the edit page for the new draft, just like the admin bar link.</p>
<p>Duplicate Post has many useful settings to customize its behavior and restrict its use to certain roles or post types. Check out the extensive documentation on <a href="https://yoast.com/wordpress/plugins/duplicate-post/" rel="nofollow ugc">yoast.com</a> and our <a href="https://developer.yoast.com/duplicate-post/overview/" rel="nofollow ugc">developer docs</a>.</p>
<h3>Contribute</h3>
<p>If you find this useful and if you want to contribute, there are two ways:</p>
<ol>
<li>Submit your bug reports, suggestions and requests for features on <a href="https://github.com/Yoast/duplicate-post" rel="nofollow ugc">GitHub</a>;</li>
<li>If you want to translate it into your language (there are just a few lines of text), you can use the <a href="https://translate.wordpress.org/projects/wp-plugins/duplicate-post" rel="nofollow ugc">translation project</a>.</li>
</ol>