22 matches found
SchedulePress < 5.0.5 - Contributor+ Arbitrary Post Update/Deletion
Description The plugin does not have proper capability checks on several REST API endpoints, allowing contributors and above roles to edit and delete arbitrary posts...
WordPress SchedulePress Plugin <= 5.0.4 is vulnerable to Broken Access Control
Software SchedulePress Type Plugin Vulnerable versions = 5.0.4 Fixed in 5.0.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID aa83517bf4e8 Credits Unknown Required privilege Contributor...