CVE-2023-6444
published 2024-03-11


Priority: P3 (39) · CVSS 3.1: 5.3 (medium)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 2.46% (82.5th percentile)
The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.

Affected (1 range)

Vendor   Product                       Version range   Fixed in
castos   seriously_simple_podcasting   < 3.0.0         3.0.0

Detection & IOCs (extracted from sources)

  • Unauthenticated crafted requests returning HTTP 200 with content-type text/xml to Seriously Simple Podcasting endpoints may indicate exploitation of CVE-2023-6444, leaking the podcast/admin owner email address.
  • The vulnerability only affects Seriously Simple Podcasting WordPress plugin versions before 3.0.0. Ensure version checks are scoped accordingly when deploying detections.
  • The leaked email address is the podcast owner's email, which by default is the WordPress admin email, making this a high-value information disclosure for further targeted attacks.
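The version-scoping point above is where ad hoc checks usually go wrong: comparing version strings lexically makes "10.0.0" look older than "3.0.0" and "2.9.10" newer than "2.10.0". The following Python is an added example (not code from the advisory, from the plugin vendor, or from the original page). It reads the standard WordPress plugin header (the `Version:` line at the top of the plugin's main PHP file) and compares the result numerically against the fixed release 3.0.0. The sample header text and the file path handling are constructed for illustration; the plugin's real file layout is not taken from the page.

```python
"""Scope CVE-2023-6444 findings to Seriously Simple Podcasting < 3.0.0.

Added example, not the page's or the vendor's code. Assumes only the
standard WordPress plugin-header convention ("Version: x.y.z" in the
comment block at the top of the plugin's main PHP file).
"""
import re
from typing import Optional, Tuple

FIXED_VERSION = "3.0.0"  # from the advisory: "Fixed in 3.0.0"

# Matches " * Version: 2.10.3" style header lines; the leading "*" is optional.
_VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-+]*)", re.MULTILINE)


def parse_plugin_version(header_text: str) -> Optional[str]:
    """Return the Version: value from a WordPress plugin header block, or None."""
    m = _VERSION_RE.search(header_text)
    return m.group(1) if m else None


def version_key(version: str) -> Tuple[Tuple[int, ...], int, str]:
    """Sort key for plugin versions: numeric parts, then pre-release rank, then tag.

    "3.0" and "3.0.0" compare equal; "3.0.0-beta1" sorts before "3.0.0";
    build metadata after "+" is ignored. Avoids the lexical pitfall where
    "10.0.0" < "3.0.0" as strings.
    """
    version = version.split("+", 1)[0]          # drop build metadata
    core, _, tag = version.partition("-")       # split off pre-release tag
    parts = [int(p) for p in re.findall(r"\d+", core)]
    while len(parts) < 3:                       # pad "3.0" to (3, 0, 0)
        parts.append(0)
    prerelease_rank = 0 if tag else 1           # a release outranks its pre-releases
    return (tuple(parts), prerelease_rank, tag)


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly below the fixed release."""
    return version_key(installed) < version_key(fixed)


def scan_plugin_file(path: str) -> Optional[bool]:
    """Read a plugin main file; return affected/not affected, or None if no header."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        version = parse_plugin_version(fh.read(8192))  # header lives at the top
    return None if version is None else is_affected(version)


# Constructed sample header in the standard WordPress plugin-header format.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Seriously Simple Podcasting
 * Version: 2.10.3
 * Author: Castos
 */
"""

if __name__ == "__main__":
    v = parse_plugin_version(SAMPLE_HEADER)
    print(f"installed {v}: affected={is_affected(v)}")
```

Run `scan_plugin_file()` against the main PHP file of each installed copy of the plugin (the file path is whatever your inventory reports; none is assumed here) and only raise the CVE-2023-6444 finding, or enable the request-based detection above, where it returns True.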