CVE-2023-6444
Published 2024-03-11
Priority: P3 · 39 · medium · 5.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 2.46% (82.5th percentile)
The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| castos | seriously_simple_podcasting | < 3.0.0 | 3.0.0 |
Detection & IOCs (extracted from sources)
- Unauthenticated crafted requests returning HTTP 200 with content-type text/xml to Seriously Simple Podcasting endpoints may indicate exploitation of CVE-2023-6444, leaking the podcast/admin owner email address.
- The vulnerability only affects Seriously Simple Podcasting WordPress plugin versions before 3.0.0. Ensure version checks are scoped accordingly when deploying detections.
- The leaked email address is the podcast owner's email, which by default is the WordPress admin email, making this a high-value information disclosure for further targeted attacks.
No detection rules found.
Nuclei
Seriously Simple Podcasting < 3.0.0 - Information Disclosure
nuclei·CVSS 5.3
CVE-2023-6444 [MEDIUM] Seriously Simple Podcasting < 3.0.0 - Information Disclosure
Seriously Simple Podcasting ","")'
- 'contains(content_type,"text/xml")'
- "status_code == 200"
condition: and
# digest: 4a0a00473045022100a7834b2a439fba6418df5985567538c01423ca68e502ef6ef8b669501cd13792022069d6890db828a035ac67b9e6ef5f9702df7eff33205dcf78ceab9f5a8b6bacd1:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
Published: 2024-03-11