PT-2024-16751 · WordPress · Podlove Podcast Publisher

Lucio Sá · Published 2024-02-07 · Updated 2024-02-10 · CVE-2024-1109

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Podlove Podcast Publisher plugin for WordPress versions prior to 4.0.12

Description
The issue arises from a missing capability check on the init_download() and init() functions, allowing unauthorized access to data. This enables unauthenticated attackers to export the plugin's tracking data and podcast information.

Recommendations
For versions prior to 4.0.12, update to version 4.0.12 or later to resolve the issue. As a temporary workaround, consider disabling the init_download() and init() functions until a patch is available.

Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2024-1109

Affected Products: Podlove Podcast Publisher