[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faMZqYGUSPWyzo05N9VTqCXEpp6ccuuJdE4yaTO-sTQ4":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"WF-cd2c9b28-d5b5-4930-a441-f889ee2778cd-wp-scheduled-posts","schedulepress-insufficient-authorization-to-authenticated-contributor-arbitrary-post-modifications","SchedulePress \u003C= 5.0.4 - Insufficient Authorization to Authenticated (Contributor+) Arbitrary Post Modifications","The SchedulePress – Best Editorial Calendar, Missed Schedule & Auto Social Share plugin for WordPress is vulnerable to unauthorized modification of data due to improper capability checks on several REST API endpoints in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with contributor-level access and above, to edit other's posts and delete other's posts.","wp-scheduled-posts",null,"\u003C=5.0.4","5.0.5","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Improper Authorization","2023-11-28 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcd2c9b28-d5b5-4930-a441-f889ee2778cd?source=api-prod",56]