CVE-2021-24783: 
WordPress vulnerability analysis and mitigation

The Post Expirator WordPress plugin (versions before 2.6.0) contains a vulnerability identified as CVE-2021-24783, which was discovered and publicly disclosed on October 11, 2021. This security flaw affects the authorization controls within the plugin, potentially impacting WordPress installations using the affected versions (WPScan Advisory).

The vulnerability is classified as an Incorrect Authorization issue (CWE-863) with a CVSS v3.1 base score of 6.5 (Medium). The technical assessment indicates that the vulnerability stems from improper capability checks in the plugin's implementation. The vulnerability has been assigned a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating network accessibility, low attack complexity, and high impact on integrity (NVD Database).

The vulnerability allows users with roles as low as Contributor to schedule deletion of arbitrary posts in the WordPress installation. This represents a significant elevation of privileges, as Contributors should not normally have the ability to delete or modify posts other than their own drafts (WPScan Advisory).

The vulnerability has been fixed in version 2.6.0 of the Post Expirator plugin. Users are advised to update to this version or later to mitigate the security risk (WPScan Advisory).