PatchSiren cyber security CVE debrief
CVE-2026-53739 Yoast CVE debrief
CVE-2026-53739 is a medium-severity cross-site request forgery vulnerability in Yoast Duplicate Post through version 4.6. The vulnerability exists in the `duplicate_post_dismiss_notice` handler, which fails to verify a nonce or capability. This allows attackers to trick any authenticated user into sending a request that sets the `duplicate_post_show_notice` site option, effectively suppressing admin notices network-wide.
- Vendor: Yoast
- Product: Yoast Duplicate Post
- CVSS: MEDIUM 5.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-10
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-10
- Advisory updated: 2026-06-11
Who should care
Administrators and users of the Yoast Duplicate Post plugin, particularly those running version 4.6 or earlier, are exposed to this vulnerability and should apply the defensive actions listed below.
Technical summary
The vulnerability has a CVSS score of 5.1 and is classified as medium severity. It is characterized by the following CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
medium
Recommended defensive actions
- Update to a patched version of Yoast Duplicate Post (if available).
- Implement additional security measures to prevent cross-site request forgery attacks.
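To check other plugin code for the same missing-nonce, missing-capability pattern described above, the following added example (not code from Yoast or from this advisory) audits PHP source for AJAX handlers that lack either check. It assumes handlers are registered with `add_action` on `wp_ajax_` hooks and defined as plain functions; the sample PHP and the `demo_*` names are constructed for illustration.

```python
import re

# Constructed sample, not the plugin's source: one unchecked handler, one hardened.
SAMPLE_PHP = r"""
add_action( 'wp_ajax_demo_dismiss_notice', 'demo_dismiss_notice' );
function demo_dismiss_notice() {
    update_site_option( 'demo_show_notice', 0 );
}
add_action( 'wp_ajax_demo_dismiss_notice_safe', 'demo_dismiss_notice_safe' );
function demo_dismiss_notice_safe() {
    check_ajax_referer( 'demo_dismiss_notice' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( -1, 403 );
    }
    update_site_option( 'demo_show_notice', 0 );
}
"""

HOOK_RE = re.compile(r"add_action\(\s*['\"](wp_ajax_(?:nopriv_)?\w+)['\"]\s*,\s*['\"](\w+)['\"]")
NONCE_RE = re.compile(r"\b(check_ajax_referer|check_admin_referer|wp_verify_nonce)\s*\(")
CAP_RE = re.compile(r"\bcurrent_user_can\s*\(")

def function_body(source, name):
    """Return the brace-balanced body of a PHP function, or None if undefined.
    Braces inside strings or comments are not handled (heuristic only)."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", source)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(source) and depth:
        depth += {"{": 1, "}": -1}.get(source[i], 0)
        i += 1
    return source[m.end():i - 1]

def audit(source):
    """Map each AJAX hook to the list of checks its handler is missing."""
    findings = {}
    for hook, handler in HOOK_RE.findall(source):
        body = function_body(source, handler)
        if body is None:
            findings[hook] = ["handler not found"]
            continue
        missing = [label for label, rx in (("nonce", NONCE_RE), ("capability", CAP_RE))
                   if not rx.search(body)]
        if missing:
            findings[hook] = missing
    return findings

if __name__ == "__main__":
    for hook, missing in audit(SAMPLE_PHP).items():
        print(f"{hook}: missing {', '.join(missing)} check")
```

A finding is a lead for manual review, not proof of a flaw: a handler may delegate its checks to a helper function that this heuristic does not follow.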
Evidence notes
The CVE record and NVD detail are the linked sources for this entry (cve-org, nvd). Additional information is available in references ref-4 and ref-5.
Official resources
CVE-2026-53739 was published on 2026-06-10T22:17:02.230Z and modified on 2026-06-11T15:22:26.633Z.