CVE-2026-53738
Deferred - Pending Action
Copy & Delete Posts Plugin AJAX Handler Post Deletion and Settings Overwrite

Publication date: 2026-06-10

Last updated on: 2026-06-11

Assigner: VulnCheck

Description
Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks.
Affected Vendors & Products
Vendor: copy_and_delete_posts
Product: copy_and_delete_posts
Version / Range: to 1.5.4 (inc)
CWE ID: CWE-863
Description: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Executive Summary

This vulnerability affects the Copy & Delete Posts plugin, versions 1.5.4 and earlier. Any user with a plugin-enabled non-admin role can invoke all operations in the cdp_action_handling AJAX handler. Specifically, attackers with such a role can delete posts or overwrite plugin settings through the 'f' parameter, bypassing the intended per-function capability checks.

Impact Analysis

The vulnerability can lead to unauthorized deletion of posts and modification of plugin settings by users who should not have such privileges. This can result in data loss, disruption of website content, and potential compromise of site functionality due to altered plugin configurations.
