6.3
CVE-2024-0828
- EPSS 0.36%
- Veröffentlicht 13.03.2024 16:15:13
- Zuletzt bearbeitet 08.04.2026 18:18:58
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginPlay.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Missing Authorization
Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Missing Authorization
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber access or higher, to delete, retrieve, or modify post metadata, retrieve posts contents of protected posts, modify conversion data and delete article audio.
Mögliche Gegenmaßnahme
Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.279 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| security@wordfence.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/5708a414-7cd8-4926-8871-3248ebf4c39d?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/5708a414-7cd8-4926-8871-3248ebf4c39d