216.73.216.75

CVE-2026-53738

· Published 10/06/2026 22:17 · Modified 11/06/2026 15:22

Labels: CVE-2026-53738 2026-06-10CVE-2026-53738CWE-863[email protected]

Essential information

Published
10/06/2026 22:17
Modified
11/06/2026 15:22
Author
Creator
CVSS
7.2 HIGH (v3) 7.2 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wordpress / wordpress cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*
wordpress / plugin cpe:2.3:a:wordpress:plugin:*:*:*:*:*:*:*

References