CVE-2023-6444

2024-03-1118:15:17

[email protected]

web.nvd.nist.gov

cve-2023-6444

seriously simple podcasting

wordpress

plugin

security vulnerability

email disclosure

unauthenticated crafted request

nvd

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner’s email address (which by default is the admin email address) via an unauthenticated crafted request.

Affected configurations

Vulners

Node

castosseriously_simple_podcastingRange<3.0.0

VendorProductVersionCPE
castosseriously_simple_podcasting*cpe:2.3:a:castos:seriously_simple_podcasting:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
castos	seriously_simple_podcasting	*	cpe:2.3:a:castos:seriously_simple_podcasting::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Seriously Simple Podcasting",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "3.0.0"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]