Yoast Duplicate Post
The Yoast Duplicate Post WordPress plugin through version 4.5 contains a missing capability check vulnerability in the clone_bulk_action_handler() and republish_request() functions. It allows authenticated attackers with Contributor-level access to duplicate restricted posts (private, draft, trashed) and Author-level attackers to overwrite published posts via the Rewrite & Republish feature. The vulnerability carries a CVSS score of 5.4 (medium severity) and is tracked in the ENISA EUVD as EUVD-2026-12800. Wordfence has documented specific vulnerable code paths in the plugin's bulk handler and post republisher modules.