CVE-2021-24783

CVE-2021-24783: Post Expirator < 2.6.0 - Contributor+ Arbitrary Post Schedule Deletion

Vendor Unknown

Product Post Expirator: Automatically Unpublish WordPress Posts

Weakness CWE-863 · Incorrect authorization

Published November 8, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts.

Key dates

02Disclosure timeline

November 8, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24783

Related vulnerabilities

04Related CVE

CVE-2026-27646 OpenClaw < 2026.3.7 - Sandbox Escape via /acp spawn Command CVE-2023-49734 Apache Superset: Privilege Escalation Vulnerability CVE-2026-41379 OpenClaw < 2026.3.28 - Privilege Escalation via chat.send to Admin-Class Talk Voice Config CVE-2024-12196 CVE-2025-49549 Adobe Commerce | Incorrect Authorization (CWE-863)