WordPress Post Expirator plugin <= 2.5.1 - Arbitrary Post Schedule Deletion vulnerability

Software: Post Expirator
Vulnerable Versions: <= 2.5.1
Fixed in version: 2.6.0
CVE: CVE-2021-24783
Credits: apple502j
Classification: Other Vulnerability Type
OWASP Top 10: A5: Broken Access Control
Disclosure Date: 2021-10-11
CVSS 3.0 score: 3.8 (Low)

Requires a user with the contributor role or higher.

Details

An Arbitrary Post Schedule Deletion vulnerability was discovered by apple502j in the WordPress Post Expirator plugin (versions <= 2.5.1).

Solution

Update the WordPress Post Expirator plugin to the latest available version (at least 2.6.0).
