Описание
The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.
Ссылки
- Product
- Third Party Advisory
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.0.0 (включая)
cpe:2.3:a:pawaryogesh1989:bulk_edit_post_titles:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 32%
0.00119
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 4.3
github
почти 2 года назад
The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.
EPSS
Процентиль: 32%
0.00119
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-862