Skip to main content

Post Expirator

2 CVEs product

Monthly

CVE-2026-39482 MEDIUM This Month

DOM-based cross-site scripting (XSS) in PublishPress Post Expirator WordPress plugin versions 4.9.4 and earlier allows authenticated users with limited privileges to inject malicious scripts that execute in the browsers of higher-privileged administrators viewing affected pages, potentially leading to unauthorized actions or credential theft. The vulnerability requires user interaction (administrator viewing the malicious content) and is confined to the application context, making it a medium-severity risk despite the high CVSS score-EPSS scoring of 0.03% percentile indicates low real-world exploitation probability.

XSS Post Expirator
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2021-24783 MEDIUM POC This Month

The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Post Expirator
NVD WPScan
CVSS 3.1
6.5
EPSS
0.8%
EPSS 0% CVSS 6.5
MEDIUM This Month

DOM-based cross-site scripting (XSS) in PublishPress Post Expirator WordPress plugin versions 4.9.4 and earlier allows authenticated users with limited privileges to inject malicious scripts that execute in the browsers of higher-privileged administrators viewing affected pages, potentially leading to unauthorized actions or credential theft. The vulnerability requires user interaction (administrator viewing the malicious content) and is confined to the application context, making it a medium-severity risk despite the high CVSS score-EPSS scoring of 0.03% percentile indicates low real-world exploitation probability.

XSS Post Expirator
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Post Expirator
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy