cleantalk
Vulnerabilities and Security Researches

SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share, CVE-2024-6557

CVE, Research URL

CVE-2024-6557

Home page URL

Security reports for SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share

Application

SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share

Published on
Jul 16, 2024
Research Description
The SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.1.3. This is due the plugin utilizing the wpdeveloper library and leaving the demo files in place with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
Affected versions
Min -, max 5.1.4.
Status
vulnerable
Previous vulnerability researches
Scheduled Announcements Widget (CVE-2023-0363) , Jun 06, 2024
Scheduled (CVE-2025-31375) , Apr 11, 2025
SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share (CVE-2024-32717) , Jun 07, 2024
SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share (c97a1836615e03be701b5bacba00fa17f6ec2cf7) , Jun 07, 2024
SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share (CVE-2024-6557) , Jul 17, 2024
New vulnerability
WP Simple Booking Calendar (CVE-2025-39541) , Apr 20, 2025
WordPress Job Board and Recruitment Plugin – JobWP (CVE-2025-2010) , Apr 20, 2025
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025