CVE-2024-0369

Published: Mar 13, 2024Modified: Apr 8, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: security@wordfence.com (Secondary)

Description

The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.

Affected (1)

Products: Pawaryogesh1989: Bulk Edit Post Titles

Pawaryogesh1989

1 product

Bulk Edit Post Titles

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pawaryogesh1989 Bulk Edit Post Titles	Up to 5.0.0

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://plugins.trac.wordpress.org/browser/bulk-edit-post-titles/trunk/classes/class.bulk.titles.php#L130

Source: security@wordfence.com

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/cad19306-6eef-4f80-9442-e7b314b3a873?source=cve

Source: security@wordfence.com

Third Party Advisory

https://plugins.trac.wordpress.org/browser/bulk-edit-post-titles/trunk/classes/class.bulk.titles.php#L130

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/cad19306-6eef-4f80-9442-e7b314b3a873?source=cve

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.