CVE Catalog

CVE-2026-53736

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

3th percentile - higher than 3% of all known CVEs

Summary

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type.

Risk Assessment

This vulnerability may lead to unauthorized duplication of posts, potentially affecting the organization's reputation and user trust. Attackers could exploit this flaw to manipulate content published by users.

Recommendation

It is recommended to update the Easy Twitter Feeds plugin to version 1.2.13 or later to mitigate this vulnerability. Additionally, implementing nonce verification mechanisms in action handling would enhance the application's security.

Original NVD description (English source)

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verification. Attackers can trick an authenticated user into visiting a crafted link that duplicates any post regardless of post type.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS