CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/17 1:20 p.m.•6 views

CVE-2026-40722

5.5CVSS0.00188EPSS

Cvelist•added 2026/06/17 8:40 a.m.•26 views

CVE-2026-40722 WordPress Yoast SEO Premium plugin <= 26.6 - Broken Access Control vulnerability

5.5CVSS0.00188EPSS

CVE•added 2026/06/17 8:40 a.m.•12 views

CVE-2026-40722

CVE-2026-40722 : Missing Authorization vulnerability in Yoast SEO Premium for WordPress (plugin

5.5CVSS5.2AI score0.00188EPSS

EUVD•added 2026/06/11 12:32 a.m.•10 views

EUVD-2026-36141

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can schedule a republish copy with a crafted title to execute script when an administrator views the resulting notice...

NVD•added 2026/06/10 10:17 p.m.•6 views

Exploits0References3

CVE-2026-53740

5.4CVSS0.00141EPSS

Vulnrichment•added 2026/06/10 8:39 p.m.•7 views

CVE-2026-53740 Yoast Duplicate Post through 4.6 Stored Cross-Site Scripting via Scheduled Republish Notice

Cvelist•added 2026/06/10 8:39 p.m.•25 views

CVE-2026-53739 Yoast Duplicate Post through 4.6 Cross-Site Request Forgery via duplicate_post_dismiss_notice

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicatepostdismissnotice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicatepostshownotice site option, suppressing...

5.1CVSS0.00104EPSS

Cvelist•added 2026/06/10 8:39 p.m.•26 views

CVE-2026-53740 Yoast Duplicate Post through 4.6 Stored Cross-Site Scripting via Scheduled Republish Notice

5.4CVSS0.00141EPSS

Vulnrichment•added 2026/06/10 8:39 p.m.•8 views

CVE-2026-53739 Yoast Duplicate Post through 4.6 Cross-Site Request Forgery via duplicate_post_dismiss_notice

CVE•added 2026/06/10 8:39 p.m.•24 views

CVE-2026-53739

CVE-2026-53739 affects the WordPress plugin Yoast Duplicate Post up to version 4.6. The issue is a cross-site request forgery in the duplicate_post_dismiss_notice handler that does not verify a nonce or capability. This allows an attacker to trick an authenticated user into issuing a request that...

CVE•added 2026/06/10 8:39 p.m.•17 views

CVE-2026-53740

The CVE-2026-53740 entry describes a stored cross-site scripting flaw in Yoast Duplicate Post (through 4.6) where an unescaped post title and permalink is injected into the Classic Editor scheduled republish notice. Attackers can craft a title to cause script execution when an administrator views...

Positive Technologies•added 2026/06/10 12:0 a.m.•7 views

PT-2026-48553

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate post dismiss notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate post show notice site option,...

Positive Technologies•added 2026/06/10 12:0 a.m.•11 views

Exploits0References3

PT-2026-48554

CNNVD•added 2026/06/10 12:0 a.m.•16 views

Exploits0References3

WordPress plugin Yoast Duplicate Post 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.4CVSS5.2AI score0.00141EPSS

CNNVD•added 2026/06/10 12:0 a.m.•12 views

WordPress plugin Yoast Duplicate Post 跨站请求伪造漏洞

RedhatCVE•added 2026/06/05 7:42 p.m.•7 views

CVE-2025-14481

The Yoast SEO plugin for WordPress is vulnerable to Insecure Direct Object References in all versions up to, and including, 26.5. This is due to insufficient authorization checks in the Meta Search REST API endpoint that fail to verify post ownership. This makes it possible for authenticated...

4.3CVSS5.4AI score0.00288EPSS