HIGH
Inisev
CVE published 2026-06-10
CVE-2026-53738
CVE-2026-53738 is a HIGH severity vulnerability in the Copy & Delete Posts plugin for WordPress. The plugin's cdp_action_handling AJAX handler allows any plugin-enabled non-admin role to invoke every operation, including deleting posts and overwriting plugin settings. This is possible due to a lack of per-function capability checks. The vulnerability has a CVSS score of 7.2 and was published on [cvePublis [truncated]