WordPress Plugin Vulnerabilities

Bulk Edit Post Titles <= 5.0.0 - Missing Authorization

Description

The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on an unknown function in versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action

Affects Plugins

Plugin icon
bulk-edit-post-titles
No known fix

References

CVE
CVE-2023-49754
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/bbdeaa77-72c9-4afc-8913-7a1e44cdeb82

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nguyen Xuan Chien
Verified
No
WPVDB ID
e956e9fd-53ef-4fc8-8942-e8f25b0f3f76

Timeline

Publicly Published
2023-12-04 (about 2 years ago)
Added
2023-12-09 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2025-12-12
Title
AnnunciFunebri Impresa < 4.7.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Options Deletion
Published
2024-05-20
Title
BookingPress < 1.0.83 - Missing Authorization to Appointment Time Alteration
Published
2025-05-07
Title
Graphina < 3.0.5 - Missing Authorization
Published
2025-01-16
Title
radSLIDE <= 2.1 - Missing Authorization
Published
2026-02-03
Title
Latest Post Shortcode < 14.2.2 - Missing Authorization