CYBERHAWK / CVE / CVE-2026-53738

CVE-2026-53738

HIGH CVSS 8.1 other

The flaw

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypas

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2026-53738

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

First seen 2026-06-12 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits