What the vulnerability does
01Description
Missing Authorization vulnerability in danbriapps Pre-Publish Post Checklist pre-publish-post-checklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pre-Publish Post Checklist: from n/a through <= 3.1.
Explanation of Vulnerability in Simple Terms
02Summary
The Pre-Publish Post Checklist plugin for WordPress versions 3.1 and earlier does not properly verify user permissions before allowing certain actions. A logged-in user with low privileges can modify post data without proper authorization checks. The vulnerability has a low integrity impact and does not affect data confidentiality or site availability.
What an attacker can do
03Attacker Capabilities
A logged-in user can modify post data without proper permission verification.
Potential impact on your site
04Site Impact
Unauthorized users may alter post content, metadata, or settings, potentially corrupting published or draft posts.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege WordPress account (e.g., contributor or subscriber role).
Key dates
06Disclosure timeline
June 27, 2025
CVE published
April 28, 2026
Record updated