The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-02-07T11:02:39.482Z
Updated: 2024-07-05T17:20:47.411Z
Reserved: 2024-01-31T12:50:01.629Z
Link: CVE-2024-1109
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-02-07T11:15:08.683
Modified: 2024-02-10T04:13:21.610
Link: CVE-2024-1109
JSON object: View
Redhat Information
No data.
CWE