CVE-2024-43984

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

8.8HIGH

EPSS

0.5%

top 34.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Podlove Podlove Podcast Publisher

Timeline

PublishedOct 31

Description

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages2 packages

▶NVDpodlove/podlove_podcast_publisher< 4.1.14

▶CVEListV5podlove/podlove_podcast_publishern/a — 4.1.13

🔴Vulnerability Details

CVEList

WordPress Podlove Podcast Publisher plugin <= 4.1.13 - CSRF to Remote Code Execution (RCE) vulnerability↗2024-10-31

▶

GHSA

GHSA-7gfw-hc24-935p: Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection↗2024-10-31

▶