4 matches found
CVE-2024-1772
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the playpodcastdata post meta. This makes it possible for authenticated...
CVE-2024-1772
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the playpodcastdata post meta. This makes it possible for authenticated...
CVE-2024-1772
The CVE-2024-1772 entry concerns the Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio WordPress plugin (versions up to and including 3.6.4). It describes a PHP Object Injection via deserialization of untrusted input from the play_podcast_data post meta, exploitable by authentic...
WordPress Play.ht Plugin <= 3.6.4 is vulnerable to PHP Object Injection
Software Play.ht Type Plugin Vulnerable versions = 3.6.4 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1772 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 571b81755147 Credits Francesco Carlucci Required privilege Contribut...