cleantalk
Vulnerabilities and Security Researches

SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share, c97a1836615e03be701b5bacba00fa17f6ec2cf7

CVE, Research URL

c97a1836615e03be701b5bacba00fa17f6ec2cf7

Home page URL

Security reports for SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share

Application

SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share

Published on
Nov 28, 2023
Research Description
SchedulePress – Auto Post &amp; Publish, Auto Social Share, Schedule Posts with Editorial Calendar &amp; Missed Schedule Post Publisher [wp-scheduled-posts] < 5.0.5 SchedulePress <= 5.0.4 - Insufficient Authorization to Authenticated (Contributor+) Arbitrary Post Modifications The SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share plugin for WordPress is vulnerable to unauthorized modification of data due to improper capability checks on several REST API endpoints in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with contributor-level access and above, to edit other's posts and delete other's posts.
Affected versions
Min -, max 5.0.5.
Status
vulnerable
Previous vulnerability researches
Scheduled Announcements Widget (CVE-2023-0363) , Jun 06, 2024
Scheduled (CVE-2025-31375) , Apr 11, 2025
SchedulePress – Best Editorial Calendar, Missed Schedule &amp; Auto Social Share (CVE-2024-32717) , Jun 07, 2024
SchedulePress – Best Editorial Calendar, Missed Schedule &amp; Auto Social Share (c97a1836615e03be701b5bacba00fa17f6ec2cf7) , Jun 07, 2024
SchedulePress – Best Editorial Calendar, Missed Schedule &amp; Auto Social Share (CVE-2024-6557) , Jul 17, 2024
New vulnerability
WP Simple Booking Calendar (CVE-2025-39541) , Apr 20, 2025
WordPress Job Board and Recruitment Plugin &#8211; JobWP (CVE-2025-2010) , Apr 20, 2025
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025