CVE-2024-32712Missing Authorization in Podcast Publisher

CWE-862Missing AuthorizationCWE-352Cross-Site Request Forgery3 documents3 sources
Severity
4.3MEDIUMNVD
CNA7.5
EPSS
0.3%
top 48.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Podlove Podcast Publisher
Timeline
PublishedMay 14

Description

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5podlove/podlove_podcast_publishern/a4.0.14

🔴Vulnerability Details

2
GHSA
GHSA-5g7f-9v94-gj5g: Missing Authorization vulnerability in Podlove Podlove Podcast Publisher2024-05-14
CVEList
WordPress Podlove Podcast Publisher plugin <= 4.0.14 - Broken Access Control vulnerability2024-05-09
CVE-2024-32712 — Missing Authorization | cvebase