Medium severity5.3NVD Advisory· Published Feb 7, 2024· Updated Apr 8, 2026

CVE-2024-1109

Description

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.

Affected products

Podlove/Podlove Podcast Publisher
cpe:2.3:a:podlove:podlove_podcast_publisher:*:*:*:*:*:wordpress:*:*
Range: <=4.0.11

Patches

0ac83d1955aa

https://github.com/podlove/podlove-publishervia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/podlove/podlove-publisher/commit/0ac83d1955aa964a358833b1b5ce790fff45b3f4nvdPatch
plugins.trac.wordpress.org/changesetnvdPatch
www.wordfence.com/threat-intel/vulnerabilities/id/a7b25b66-e9d1-448d-8367-cce4c0dec635nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000