cleantalk
Vulnerabilities and Security Researches

Podlove Podcast Publisher, CVE-2024-1109

CVE, Research URL

CVE-2024-1109

Home page URL

Security reports for Podlove Podcast Publisher

Application

Podlove Podcast Publisher

Published on
Feb 07, 2024
Research Description
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.
Affected versions
Min -, max 4.0.12.
Status
vulnerable
Previous vulnerability researches
Podlove Podcast Publisher (CVE-2024-52393) , Nov 14, 2024
Podlove Podcast Publisher (CVE-2021-24666) , Jun 07, 2024
Podlove Podcast Publisher (CVE-2016-10941) , Jun 07, 2024
Podlove Podcast Publisher (CVE-2016-10942) , Jun 07, 2024
Podlove Podcast Publisher (CVE-2023-25472) , Jun 07, 2024
New vulnerability
Push notification for Mobile and Web app (CVE-2025-48127) , May 18, 2025
ShayanWeb Admin FontChanger | افزونه‌ی تغییر فونت پیشخوان وردپرس شایان وب (CVE-2025-48114) , May 18, 2025
Interview (CVE-2025-48137) , May 18, 2025
Dot html,php,xml etc pages (CVE-2025-48112) , May 18, 2025
Sharespine Woocommerce Connector (CVE-2025-48128) , May 18, 2025