Unauthorized Access Vulnerability in Play.ht Plugin for WordPress
CVE-2024-0828

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Play.ht – Make Your Blog Posts Accessible With Text To Speech Audio
Vendor: CVE Published:; 13 March 2024

What is CVE-2024-0828?

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress has a vulnerability that allows authenticated attackers, with subscriber access or higher, to bypass functionality safeguards. A missing capability check on several critical functions exposes sensitive operations—such as modifying post metadata, accessing content from protected posts, and deleting audio files—making it essential for users to update their plugin to protect against exploitation.

Affected Version(s)

Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio * <= 3.6.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/play-ht/trunk/...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2024
Vulnerability Reserved
Jan 23, 2024

Credit

Francesco Carlucci