3 matches found
CVE-2024-1109 Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Unauthenticated Data Export
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the initdownload and init functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracki...
CVE-2024-1109
The Podlove Podcast Publisher plugin for WordPress (versions ≤ 4.0.11) has a vulnerability caused by a missing capability check in the init_download() and init() functions, allowing unauthenticated attackers to export the plugin’s tracking data and podcast information. The issue is tied to Broken...
WordPress Podlove Podcast Publisher Plugin <= 4.0.11 is vulnerable to Broken Access Control
Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.0.11 Fixed in 4.0.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1109 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6b607bcd865e Credits Lucio Sá Required...