Lucene search
PRIOn knowledge basePRION:CVE-2024-1110HistoryFeb 07, 2024 - 11:15 a.m.
Design/Logic Flaw
2024-02-0711:15:00
PRIOn knowledge base
www.prio-n.com
4
design flaw
logic flaw
wordpress plugin
unauthorized modification
data vulnerability
capability check
version 4.0.11
unauthenticated attackers
plugin settings
nvd
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin’s settings.
| CPE | Name | Operator | Version |
|---|---|---|---|
| podlove_podcast_publisher | le | 4.0.11 |
References
github.com/podlove/podlove-publisher/commit/7873ff520631087e2f10737860cdcd64d53187ba
plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032008%40podlove-podcasting-plugin-for-wordpress&new=3032008%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail=
www.wordfence.com/threat-intel/vulnerabilities/id/2c9cf461-572c-4be8-96e6-659acf3208f3?source=cve
Related
cve
cve
CVE-2024-1110
2024-02-07 11:15:09
osv
osv
CVE-2024-1110
2024-02-07 11:15:09
wpvulndb
wpvulndb
cvelist
cvelist
CVE-2024-1110
2024-02-07 11:02:38
nvd
nvd
CVE-2024-1110
2024-02-07 11:15:09
wordfence
wordfence