Skip to main content

Podlove Podcast Publisher CVE-2024-1109

MEDIUM
Missing Authorization (CWE-862)
2024-02-07 security@wordfence.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Patch released
Apr 08, 2026 - 19:39 nvd
Patch available
CVE Published
Feb 07, 2024 - 11:15 nvd
MEDIUM 5.3

DescriptionCVE.org

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.

AnalysisAI

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Technical ContextAI

This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information. Affected products include: Podlove Podlove Podcast Publisher.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.

CVE-2021-24666 CRITICAL POC
9.8 Sep 27

The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by def

CVE-2024-32139 HIGH
8.5 Apr 15

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Po

CVE-2026-13001 CRITICAL
9.8 Jul 14

Arbitrary file upload in the Podlove Podcast Publisher WordPress plugin (all versions through 4.5.1) allows remote attac

CVE-2017-12949 HIGH
8.8 Aug 18

lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPr

CVE-2024-13730 MEDIUM POC
4.8 May 15

The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which cou

CVE-2024-13729 MEDIUM POC
4.8 May 15

The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which co

CVE-2024-43984 HIGH
8.8 Oct 31

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.1.13. Rated h

CVE-2024-32143 HIGH
8.8 Jun 11

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.1.0. Rated high severity (CVSS 8.8), this vulne

CVE-2023-25472 HIGH
8.8 May 23

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions. Rated hig

CVE-2024-32712 HIGH
7.5 May 14

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.0.14. Rated high severity (CVSS 7.5), this vuln

CVE-2024-29915 HIGH
7.1 Mar 27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Po

CVE-2024-32812 MEDIUM
5.4 Apr 24

Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.0.11. Rated medium severity (CVSS

Share

CVE-2024-1109 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy