CVE-2024-1772

Name of the Vulnerable Software and Affected Versions Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress versions up to, and including, 3.6.4

Description The issue allows authenticated attackers with contributor-level access and above to inject a PHP Object via deserialization of untrusted input from the play podcast data post meta. This could potentially lead to the deletion of arbitrary files, retrieval of sensitive data, or execution of code if a POP chain is present, possibly introduced by an additional plugin or theme on the target system.

Recommendations For versions up to, and including, 3.6.4, update to a version that contains a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.