Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-6444 — Sensitive Info Insertion into Sent Data in Seriously Simple Podcasting

CWE-201 — Sensitive Info Insertion into Sent Data4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

61.4%

top 1.67%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Castos Seriously Simple Podcasting

Timeline

PublishedMar 11

Description

The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDcastos/seriously_simple_podcasting< 3.0.0

🔴Vulnerability Details

CVEList

Seriously Simple Podcasting < 3.0.0 - Unauthenticated Administrator Email Disclosure↗2024-03-11

▶

GHSA

GHSA-qhfg-qx72-6jw4: The Seriously Simple Podcasting WordPress plugin before 3↗2024-03-11

▶

💥Exploits & PoCs

Nuclei

Seriously Simple Podcasting < 3.0.0 - Information Disclosure

▶