Description
WordPress Plugin Bulk Datetime Change is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently list private post titles of other users, or change the posted date of other users' posts. WordPress Plugin Bulk Datetime Change version 1.11 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.12 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:054BD981-DBDD-47DD-BAD0-FA327E5860A2
https://plugins.svn.wordpress.org/bulk-datetime-change/trunk/readme.txt
Related Vulnerabilities
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-17774)
FluxBB Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2020-28873)
WordPress Plugin WordPress Gallery-NextGEN Gallery Cross-Site Request Forgery (3.28)
WordPress Plugin WP Google Maps Multiple Cross-Site Scripting Vulnerabilities (6.0.26)