CVE-2023-6444
Seriously Simple Podcasting < 3.0.0 - Unauthenticated Administrator Email Disclosure
Public Exploits: 2
Exploited in Wild: -
Descriptions
The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.
The Seriously Simple Podcasting plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.25.3 via the source code. This makes it possible for unauthenticated attackers to extract product owner emails, which can be an administrator's.
SSVC
- Decision: Attend
Timeline
- 2023-11-30 CVE Reserved
- 2024-02-17 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-10-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-201: Insertion of Sensitive Information Into Sent Data
References (2)
URL | Date | SRC |
---|---|---|
https://github.com/Wayne-Ker/CVE-2023-6444-POC | 2024-08-07 | |
https://wpscan.com/vulnerability/061c59d6-f4a0-4cd1-b945-5e92b9c2b4aa | 2024-08-05 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Unknown | Seriously Simple Podcasting | < 3.0.0 | en | Affected |