Seriously Simple Podcasting < 3.0.0 – Unauthenticated Administrator Email Disclosure | CVE 2023-6444

Description

The plugin discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.

This was fixed in 3.0.0 for new plugin installation, however when upgrading, users will have to unset the "Owner email address" in the Feed Details settings

Proof of Concept

View the source of the page below and notice the email being disclosed:

https://example.com/?feed=itunes
https://example.com/feed/podcast/

Affects Plugins

seriously-simple-podcasting

Fixed in 3.0.0

References

CVE

CVE-2023-6444

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CWE-200

Miscellaneous

Original Researcher

Krzysztof Zając (CERT PL)

Submitter

Krzysztof Zając (CERT PL)

Submitter website

https://cert.pl

Submitter twitter

cert_polska_en

Verified

Yes

WPVDB ID

061c59d6-f4a0-4cd1-b945-5e92b9c2b4aa

Timeline

Publicly Published

2024-02-17 (about 2 months ago)

Added

2024-02-17 (about 2 months ago)

Last Updated

2024-02-17 (about 2 months ago)

Other

Published

Title

Published

2023-10-11

Title

ChatBot < 4.9.1 - Unauthenticated Sensitive Data Disclosure

Published

2023-12-28

Title

WP Stripe Checkout < 1.2.2.38 - Sensitive Information Exposure via Debug Log

Published

2022-10-31

Title

DeepL Pro API Translation < 1.7.5 - API Key Disclosure

Published

2024-04-24

Title

Essential Addons for Elementor < 5.9.16 - Information Exposure

Published

2022-06-02

Title

Co-Authors-Plus 3.5/3.5.1 - Guest Authors Email Address Disclosure