Email Address Disclosure Vulnerability in Seriously Simple Podcasting WordPress Plugin
CVE-2023-6444

Currently unrated

Key Information:

Vendor
WordPress
CVE Published:
11 March 2024

Badges

👾 Exploit Exists
🟡 Public PoC

Summary

In the Seriously Simple Podcasting plugin for WordPress, a crafted unauthenticated request can expose the podcast owner's email address, which is typically the same as the admin email address. The vulnerability affects versions prior to 3.0.0 and discloses this sensitive information without requiring authentication. Such exposure of personal data can lead to further security risks, including targeted phishing attacks.

Affected Version(s)

Seriously Simple Podcasting 0 < 3.0.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Krzysztof Zając (CERT PL)
WPScan