WordPress Plugin Vulnerabilities

Bulk Delete <= 5.5.3 - Privilege Escalation

Description

The Bulk Delete WordPress plugin was affected by a Privilege Escalation security vulnerability.

Affects Plugins

Plugin icon
bulk-delete
Fixed in 5.5.4

References

URL
https://packetstormsecurity.com/files/#136067/
URL
https://www.securityfocus.com/archive/1/537681/30/0/threaded

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
738aa4ef-f992-4824-a2f7-bdef8ba10144

Timeline

Publicly Published
2016-03-03 (about 10 years ago)
Added
2016-03-03 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2026-04-07
Title
iControlWP < 5.5.4 - Unauthenticated Privilege Escalation
Published
2024-03-29
Title
WholesaleX < 1.3.3 - Unauthenticated Privilege Escalation
Published
2025-06-10
Title
CubeWP – All-in-One Dynamic Content Framework < 1.1.24 - Authenticated (Subscriber+) Privilege Escalation
Published
2025-07-22
Title
Social Streams <= 1.2.1 - Subscriber+ Privilege Escalation
Published
2022-10-10
Title
Automatic User Roles Switcher < 1.1.2 - Subscriber+ Privilege Escalation