Search criteria
2 vulnerabilities found for Bulk Datetime Change by Unknown
CVE-2021-24842 (GCVE-0-2021-24842)
Vulnerability from nvd – Published: 2021-11-29 08:25 – Updated: 2024-08-03 19:42
VLAI?
Title
Bulk Datetime Change < 1.12 - Missing Authorisation
Summary
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Bulk Datetime Change |
Affected:
1.12 , < 1.12
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/054bd981-dbdd-47dd-bad0-fa327e5860a2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2618982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bulk Datetime Change",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "1.12",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users\u0027 posts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-29T08:25:40",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/054bd981-dbdd-47dd-bad0-fa327e5860a2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2618982"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Bulk Datetime Change \u003c 1.12 - Missing Authorisation",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24842",
"STATE": "PUBLIC",
"TITLE": "Bulk Datetime Change \u003c 1.12 - Missing Authorisation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bulk Datetime Change",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.12",
"version_value": "1.12"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users\u0027 posts."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/054bd981-dbdd-47dd-bad0-fa327e5860a2",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/054bd981-dbdd-47dd-bad0-fa327e5860a2"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2618982",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2618982"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24842",
"datePublished": "2021-11-29T08:25:40",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:17.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24842 (GCVE-0-2021-24842)
Vulnerability from cvelistv5 – Published: 2021-11-29 08:25 – Updated: 2024-08-03 19:42
VLAI?
Title
Bulk Datetime Change < 1.12 - Missing Authorisation
Summary
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts.
Severity ?
No CVSS data available.
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Bulk Datetime Change |
Affected:
1.12 , < 1.12
(custom)
|
Credits
apple502j
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:17.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/054bd981-dbdd-47dd-bad0-fa327e5860a2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2618982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bulk Datetime Change",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "1.12",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "apple502j"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users\u0027 posts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-29T08:25:40",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/054bd981-dbdd-47dd-bad0-fa327e5860a2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2618982"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Bulk Datetime Change \u003c 1.12 - Missing Authorisation",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24842",
"STATE": "PUBLIC",
"TITLE": "Bulk Datetime Change \u003c 1.12 - Missing Authorisation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bulk Datetime Change",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.12",
"version_value": "1.12"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "apple502j"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users\u0027 posts."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/054bd981-dbdd-47dd-bad0-fa327e5860a2",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/054bd981-dbdd-47dd-bad0-fa327e5860a2"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2618982",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2618982"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24842",
"datePublished": "2021-11-29T08:25:40",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:17.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}