CVE-2023-6444

Seriously Simple Podcasting < 3.0.0 - Unauthenticated Administrator Email Disclosure

CVSS 5.3 MEDIUM | EPSS 2.5%
Vexday Risk Score
28 Low
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 5.3 | EPSS 2.5% | KEV no | PoC Nuclei yes | Metasploit Patch
Lifecycle
11 Mar 2024: Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
