cleantalk
Vulnerabilities and Security Researches

Podlove Podcast Publisher, CVE-2024-1110

CVE, Research URL

CVE-2024-1110

Home page URL

Security reports for Podlove Podcast Publisher

Application

Podlove Podcast Publisher

Published on
Feb 07, 2024
Research Description
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.
Affected versions
Min -, max 4.0.12.
Status
vulnerable
Previous vulnerability researches
Podlove Podcast Publisher (CVE-2024-52393) , Nov 14, 2024
Podlove Podcast Publisher (CVE-2021-24666) , Jun 07, 2024
Podlove Podcast Publisher (CVE-2016-10941) , Jun 07, 2024
Podlove Podcast Publisher (CVE-2016-10942) , Jun 07, 2024
Podlove Podcast Publisher (CVE-2023-25472) , Jun 07, 2024
New vulnerability
Eventer (CVE-2025-39482) , May 18, 2025
Eventer (CVE-2025-39481) , May 18, 2025
Push notification for Mobile and Web app (CVE-2025-48127) , May 18, 2025
ShayanWeb Admin FontChanger | افزونه‌ی تغییر فونت پیشخوان وردپرس شایان وب (CVE-2025-48114) , May 18, 2025
Interview (CVE-2025-48137) , May 18, 2025