WordPress Plugin Vulnerabilities

Podlove Podcast Publisher < 4.1.1 - Missing Authorization

Description

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions such as do_repair() in versions up to, and including, 4.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.

Affects Plugins

Plugin icon
podlove-podcasting-plugin-for-wordpress
Fixed in 4.1.1

References

CVE
CVE-2024-32143
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/ddfc0150-d05c-4027-80d2-64c565fdd56d

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Abdi Pranata
Verified
No
WPVDB ID
ad1861e9-23bc-4f34-a797-c81c98a0c90b

Timeline

Publicly Published
2024-04-12 (about 2 years ago)
Added
2024-04-17 (about 2 years ago)
Last Updated
2024-04-17 (about 2 years ago)

Other

Published
Title
Published
2025-11-17
Title
Restrictions for BuddyPress < 1.5.3 - Missing Authorization to Unauthenticated Tracking Status Update
Published
2025-04-04
Title
Email Notifications for Updates < 1.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
Published
2025-12-12
Title
Eyewear prescription form <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary WooCommerce Category Deletion
Published
2025-05-19
Title
Shortlinks by Pretty Links < 3.6.16 - Missing Authorization
Published
2023-11-16
Title
wpMandrill <= 1.33 - Missing Authorization via getAjaxStats