3 matches found
CVE-2024-1109
The Podlove Podcast Publisher plugin for WordPress (versions ≤ 4.0.11) has a vulnerability caused by a missing capability check in the init_download() and init() functions, allowing unauthenticated attackers to export the plugin’s tracking data and podcast information. The issue is tied to Broken...
CVE-2024-1109 Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Unauthenticated Data Export
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the initdownload and init functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracki...
WordPress Podlove Podcast Publisher Plugin <= 4.0.11 is vulnerable to Broken Access Control
Software Podlove Podcast Publisher Type Plugin Vulnerable versions = 4.0.11 Fixed in 4.0.12 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1109 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 6b607bcd865e Credits Lucio Sá Required...