Skip to main content

Copy Delete Posts

1 CVEs product

Monthly

CVE-2026-53738 HIGH This Week

Broken authorization in the Copy & Delete Posts WordPress plugin through 1.5.4 lets any authenticated user assigned a plugin-enabled (non-admin) role invoke every operation exposed by the cdp_action_handling AJAX endpoint, enabling post deletion and plugin-setting tampering. The flaw stems from a missing per-function capability check that the dispatcher should enforce based on the f parameter. No public exploit identified at time of analysis and the CVE is not on CISA KEV.

Authentication Bypass Copy Delete Posts
NVD
CVSS 4.0
7.2
EPSS
0.0%
EPSS 0% CVSS 7.2
HIGH This Week

Broken authorization in the Copy & Delete Posts WordPress plugin through 1.5.4 lets any authenticated user assigned a plugin-enabled (non-admin) role invoke every operation exposed by the cdp_action_handling AJAX endpoint, enabling post deletion and plugin-setting tampering. The flaw stems from a missing per-function capability check that the dispatcher should enforce based on the f parameter. No public exploit identified at time of analysis and the CVE is not on CISA KEV.

Authentication Bypass Copy Delete Posts
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy