Medium CVE-2026-53740 Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice. CVSS: 5.4 · CWE:...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

[Medium] CVE-2026-53740 – Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink i...

VERWANDTEARTIKEL

CVE-2026-42908

CVE-2026-45639

[High] CVE-2026-53738 – Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke ...

[Medium] CVE-2026-53739 – Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerabi...

[Medium] CVE-2026-53741 – Simple Link Directory through 9.0.4 interpolates the sld_no_results_found option...

[Medium] CVE-2026-53742 – Simple Link Directory through 9.0.4 echoes embed shortcode attributes into HTML ...