Lucene search

WpvulndbWPVDB-ID:31D6C8DE-8CE1-429A-A598-1A7D9D291513

HistoryJun 13, 2024 - 12:00 a.m.

Podlove Web Player < 5.7.4 - Missing Authorization to Unauthenticated Information Exposure

2024-06-1300:00:00

wpscan.com

wordpress

unauthorized access

rest api

information exposure

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.4

Confidence

Low

JSON

Description The Podlove Web Player plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /shortcode REST API endpoint in all versions up to, and including, 5.7.3. This makes it possible for unauthenticated attackers to view information they should not have access to.

References

www.wordfence.com/threat-intel/vulnerabilities/id/0e2cf779-2355-461f-a289-11612e15acc6

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.4

Confidence

Low

JSON

Related for WPVDB-ID:31D6C8DE-8CE1-429A-A598-1A7D9D291513