CVE-2021-24842

Summary

The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts.

Affected Software

VendorProductVersion RangeStatus
UnknownBulk Datetime Change1.12 < 1.12affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

References