cleantalk
Vulnerabilities and Security Researches

Podlove Podcast Publisher, CVE-2024-1109

CVE, Research URL

CVE-2024-1109

Home page URL

Security reports for Podlove Podcast Publisher

Application

Podlove Podcast Publisher

Published on
Feb 07, 2024
Research Description
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.
Affected versions
max 4.0.12.
Status
vulnerable
Previous vulnerability researches
Podlove Podcast Publisher (CVE-2024-52393) , Nov 14, 2024
Podlove Podcast Publisher (CVE-2021-24666) , Jun 07, 2024
Podlove Podcast Publisher (CVE-2016-10941) , Jun 07, 2024
Podlove Podcast Publisher (CVE-2016-10942) , Jun 07, 2024
Podlove Podcast Publisher (CVE-2023-25472) , Jun 07, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025