Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing capability checks in the clonebulkactionhandler and republishrequest functions. An attacker can duplicate or overwrite posts, including those they should not have access to, by sending crafted reques...

GHSA-G9W4-M5FX-X3WV Yoast Duplicate Post has an Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite

The Yoast Duplicate Post plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clonebulkactionhandler and republishrequest functions in all versions up to, and including, 4.5. This makes it possible for authenticated attackers, with...

CVE-2026-1217

The CVE-2026-1217 issue affects the WordPress plugin Yoast Duplicate Post, where a missing capability check in clone_bulk_action_handler() and republish_request() enables authenticated attackers (Contributor level and above) to duplicate any post, including private/draft/trashed posts. Additional...

CVE-2026-2879

The CVE-2026-2879 entry concerns GetGenie (WordPress) plugin

WordPress GetGenie plugin <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion vulnerability

Insecure Direct Object Reference to Authenticated Author+ Arbitrary Post Overwrite/Deletion vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin GetGenie versions = 4.3.2...