The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/2618982 | Release Notes Third Party Advisory |
https://wpscan.com/vulnerability/054bd981-dbdd-47dd-bad0-fa327e5860a2 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-11-29T08:25:40
Updated: 2021-11-29T08:25:40
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24842
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-29T09:15:07.583
Modified: 2022-10-24T16:33:12.383
Link: CVE-2021-24842
JSON object: View
Redhat Information
No data.