First published: Wed Feb 07 2024(Updated: )
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
Podlove Podcast Publisher | <=4.0.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2024-1110 is considered high due to its ability to allow unauthorized data modification.
To fix CVE-2024-1110, update the Podlove Podcast Publisher plugin to version 4.0.12 or later.
CVE-2024-1110 affects all versions of the Podlove Podcast Publisher up to and including 4.0.11.
CVE-2024-1110 can be exploited by unauthenticated users, allowing them to import plugin settings without authorization.
The potential impact of CVE-2024-1110 includes unauthorized access to and modification of the plugin's settings, which could compromise site integrity.