Vulnerability Description
The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Castos | Seriously Simple Podcasting | < 3.0.0 |
References
- https://wpscan.com/vulnerability/061c59d6-f4a0-4cd1-b945-5e92b9c2b4aa/ExploitThird Party Advisory
- https://wpscan.com/vulnerability/061c59d6-f4a0-4cd1-b945-5e92b9c2b4aa/ExploitThird Party Advisory
FAQ
What is CVE-2023-6444?
CVE-2023-6444 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.
How severe is CVE-2023-6444?
CVE-2023-6444 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-6444?
Check the references section above for vendor advisories and patch information. Affected products include: Castos Seriously Simple Podcasting.