cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwp-scheduled-posts wp-scheduled-posts

Direction: ascending
Jun 07, 2024

SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share # CVE-2024-32717

CVE, Research URL

CVE-2024-32717

Home page URL

Security reports for SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share

Application

SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share

Date
May 14, 2024
Research Description
Missing Authorization vulnerability in WPDeveloper SchedulePress.This issue affects SchedulePress: from n/a through 5.0.8.
Affected versions
Min -, max -.
Status
vulnerable

SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share # c97a1836615e03be701b5bacba00fa17f6ec2cf7

CVE, Research URL

c97a1836615e03be701b5bacba00fa17f6ec2cf7

Home page URL

Security reports for SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share

Application

SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share

Date
Nov 28, 2023
Research Description
SchedulePress – Auto Post &amp; Publish, Auto Social Share, Schedule Posts with Editorial Calendar &amp; Missed Schedule Post Publisher [wp-scheduled-posts] < 5.0.5 SchedulePress <= 5.0.4 - Insufficient Authorization to Authenticated (Contributor+) Arbitrary Post Modifications The SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share plugin for WordPress is vulnerable to unauthorized modification of data due to improper capability checks on several REST API endpoints in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with contributor-level access and above, to edit other's posts and delete other's posts.
Affected versions
Min -, max -.
Status
vulnerable
Jul 17, 2024

SchedulePress – Best Editorial Calendar, Missed Schedule &amp; Auto Social Share # CVE-2024-6557

CVE, Research URL

CVE-2024-6557

Home page URL

Security reports for SchedulePress – Best Editorial Calendar, Missed Schedule &amp; Auto Social Share

Application

SchedulePress – Best Editorial Calendar, Missed Schedule &amp; Auto Social Share

Date
Jul 16, 2024
Research Description
The SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.1.3. This is due the plugin utilizing the wpdeveloper library and leaving the demo files in place with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
Affected versions
Min -, max -.
Status
vulnerable