CVE-2021-24842
N/A
N/A
Summary
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Bulk Datetime Change | 1.12 < 1.12 | affected |
Weaknesses
- CWE-862: CWE-862 Missing Authorization
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/054bd981-dbdd-47dd-bad0-fa327e5860a2
- https://plugins.trac.wordpress.org/changeset/2618982
References
- https://wpscan.com/vulnerability/054bd981-dbdd-47dd-bad0-fa327e5860a2
- https://plugins.trac.wordpress.org/changeset/2618982
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.