CVE-2026-53739
Deferred Deferred - Pending Action
Yoast Duplicate Post CSRF Bypass Disables Admin Notices

Publication date: 2026-06-10

Last updated on: 2026-06-11

Assigner: VulnCheck

Description
Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate_post_show_notice site option, suppressing admin notices network-wide.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-10
Last Modified
2026-06-11
Generated
2026-06-11
AI Q&A
2026-06-11
EPSS Evaluated
N/A
NVD
CVE-2026-53739
EUVD
EUVD-2026-36140
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
yoast duplicate_post to 4.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-53739 is a cross-site request forgery (CSRF) vulnerability in the Yoast Duplicate Post plugin through version 4.6. The vulnerability exists in the duplicate_post_dismiss_notice handler, which does not verify any nonce or user capability. This flaw allows attackers to trick any authenticated user into sending a request that changes the duplicate_post_show_notice site option, effectively suppressing admin notices across the entire network.

Impact Analysis

This vulnerability can impact you by allowing an attacker to manipulate site options without proper authorization. Specifically, it can suppress important admin notices network-wide by setting the duplicate_post_show_notice option. This could lead to administrators missing critical notifications or alerts, potentially reducing the visibility of important site events or warnings.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53739. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart