CVE-2026-53736
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type.
Risk Assessment
This vulnerability may lead to unauthorized duplication of posts, potentially affecting the organization's reputation and user trust. Attackers could exploit this flaw to manipulate content published by users.
Recommendation
It is recommended to update the Easy Twitter Feeds plugin to version 1.2.13 or later to mitigate this vulnerability. Additionally, implementing nonce verification mechanisms in action handling would enhance the application's security.
Original NVD description (English source)
Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type.

