CVE-2024-0828

Name of the Vulnerable Software and Affected Versions Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress versions up to, and including, 3.6.4

Description The issue allows authenticated attackers with subscriber access or higher to access functionality without proper authorization due to a missing capability check on several functions. This enables them to delete, retrieve, or modify post metadata, retrieve the contents of protected posts, modify conversion data, and delete article audio.

Recommendations For versions up to, and including, 3.6.4, update to a version higher than 3.6.4 to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality for users with subscriber access or higher until a patch is available.