The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-02-07T11:02:39.482Z

Updated: 2024-08-01T18:26:30.508Z

Reserved: 2024-01-31T12:50:01.629Z

Link: CVE-2024-1109

cve-icon Vulnrichment

Updated: 2024-08-01T18:26:30.508Z

cve-icon NVD

Status : Modified

Published: 2024-02-07T11:15:08.683

Modified: 2024-11-21T08:49:48.980

Link: CVE-2024-1109

cve-icon Redhat

No data.