5.3

CVE-2024-1109

Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Unauthenticated Data Export

Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Unauthenticated Data Export

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.
Mögliche Gegenmaßnahme
Podlove Podcast Publisher: Update to version 4.0.12, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PodlovePodlove Podcast Publisher SwPlatformwordpress Version <= 4.0.11
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Podlove Podcast Publisher
Version *-4.0.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.55% 0.417
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security@wordfence.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/podlove/podlove-publisher/commit/0ac83d1955aa964a358833b1b5ce790fff45b3f4
Patch
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032008%40podlove-podcasting-plugin-for-wordpress&new=3032008%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail=
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/a7b25b66-e9d1-448d-8367-cce4c0dec635?source=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/a7b25b66-e9d1-448d-8367-cce4c0dec635
Third Party Advisory