Описание
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts.
Ссылки
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.12 (исключая)
cpe:2.3:a:bulk_datetime_change_project:bulk_datetime_change:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 35%
0.00146
Низкий
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-862
CWE-863
Связанные уязвимости
CVSS3: 5.4
github
около 4 лет назад
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts.
EPSS
Процентиль: 35%
0.00146
Низкий
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-862
CWE-863