Astra Bulk Edit <= 1.2.7 is vulnerable to Broken Access Control

Required privilege: Contributor

Published: 2023-09-25

The Astra Bulk Edit plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the save_post_bulk_edit function in versions up to and including 1.2.7. This makes it possible for attackers with contributor-level access or higher to bulk edit posts.

CVSS score: 5.4

Severity: Medium

Version: 1.2.7

There is a patch available in v1.2.8 and we strongly recommend you update to this version as soon as possible.
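
The kind of check whose absence is described above, shown as an added example: this is not the plugin's code and not its 1.2.8 patch, which this page does not show. The handler name, AJAX action, nonce name, request fields and meta key are all hypothetical.

```php
<?php
// Hypothetical bulk-edit handler illustrating per-post authorization.
// Assumed wiring (illustrative only):
//   add_action( 'wp_ajax_example_bulk_edit', 'example_save_bulk_edit' );
function example_save_bulk_edit() {
    // Nonce check: confirms the request came from our own form (CSRF
    // protection). It is not an authorization check, because any user
    // who can load the form receives a valid nonce.
    check_ajax_referer( 'example_bulk_edit', 'nonce' );

    // Normalise the untrusted input before using it.
    $post_ids = isset( $_POST['post_ids'] )
        ? array_map( 'absint', (array) $_POST['post_ids'] )
        : array();
    $layout = isset( $_POST['layout'] )
        ? sanitize_key( wp_unslash( $_POST['layout'] ) )
        : '';

    $updated = array();
    $denied  = array();

    foreach ( $post_ids as $post_id ) {
        // Capability check per object: 'edit_post' is a meta capability
        // that WordPress maps to the right primitive capability for this
        // specific post (author, status, post type). A Contributor passes
        // only for posts that role is allowed to edit.
        if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
            $denied[] = $post_id;
            continue;
        }

        update_post_meta( $post_id, '_example_layout', $layout );
        $updated[] = $post_id;
    }

    // Report skipped IDs so a rejected request is visible to the caller
    // and can be logged, instead of failing silently.
    if ( empty( $updated ) && ! empty( $denied ) ) {
        wp_send_json_error( array( 'denied' => $denied ), 403 );
    }

    wp_send_json_success( array(
        'updated' => $updated,
        'denied'  => $denied,
    ) );
}
```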