2 matches found
CVE-2024-4199 Bulk Posts Editing For WordPress <= 4.2.3 - Authenticated (Subscriber+) Missing Authorization
The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access an...
CVE-2024-4199
CVE-2024-4199 concerns the Bulk Posts Editing For WordPress plugin (all versions up to 4.2.3) with a missing capability check on AJAX actions, allowing authenticated users with subscriber+ privileges to invoke plugin functions. The Wordfence entry states unauthorized access could enable post crea...