Skip to main content

Easy Twitter Feeds

1 CVEs product

Monthly

CVE-2026-53736 MEDIUM PATCH This Month

Cross-site request forgery in the Easy Twitter Feeds WordPress plugin (versions before 1.2.13) allows unauthenticated remote attackers to trigger unauthorized post duplication by tricking an authenticated site user into visiting a crafted URL. The duplicate_post action handler fails to verify WordPress nonces, meaning any authenticated user's browser session can be silently weaponized to clone posts of any post type without their knowledge. No public exploit code or CISA KEV listing has been identified at time of analysis; the vendor-released fix is version 1.2.13.

CSRF Easy Twitter Feeds
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Cross-site request forgery in the Easy Twitter Feeds WordPress plugin (versions before 1.2.13) allows unauthenticated remote attackers to trigger unauthorized post duplication by tricking an authenticated site user into visiting a crafted URL. The duplicate_post action handler fails to verify WordPress nonces, meaning any authenticated user's browser session can be silently weaponized to clone posts of any post type without their knowledge. No public exploit code or CISA KEV listing has been identified at time of analysis; the vendor-released fix is version 1.2.13.

CSRF Easy Twitter Feeds
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy