{
  "CVE_data_meta": {
    "ID": "CVE-2021-24842",
    "ASSIGNER": "contact@wpscan.com",
    "STATE": "PUBLIC",
    "TITLE": "Bulk Datetime Change < 1.12 - Missing Authorisation"
  },
  "data_format": "MITRE",
  "data_type": "CVE",
  "data_version": "4.0",
  "generator": "WPScan CVE Generator",
  "affects": {
    "vendor": {
      "vendor_data": [
        {
          "vendor_name": "Unknown",
          "product": {
            "product_data": [
              {
                "product_name": "Bulk Datetime Change",
                "version": {
                  "version_data": [
                    {
                      "version_affected": "<",
                      "version_name": "1.12",
                      "version_value": "1.12"
                    }
                  ]
                }
              }
            ]
          }
        }
      ]
    }
  },
  "description": {
    "description_data": [
      {
        "lang": "eng",
        "value": "The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the posted date of other users' posts."
      }
    ]
  },
  "references": {
    "reference_data": [
      {
        "refsource": "MISC",
        "url": "https://wpscan.com/vulnerability/054bd981-dbdd-47dd-bad0-fa327e5860a2",
        "name": "https://wpscan.com/vulnerability/054bd981-dbdd-47dd-bad0-fa327e5860a2"
      },
      {
        "refsource": "CONFIRM",
        "url": "https://plugins.trac.wordpress.org/changeset/2618982",
        "name": "https://plugins.trac.wordpress.org/changeset/2618982"
      }
    ]
  },
  "problemtype": {
    "problemtype_data": [
      {
        "description": [
          {
            "value": "CWE-862 Missing Authorization",
            "lang": "eng"
          }
        ]
      }
    ]
  },
  "credit": [
    {
      "lang": "eng",
      "value": "apple502j"
    }
  ],
  "source": {
    "discovery": "EXTERNAL"
  }
}