Medium severity5.3NVD Advisory· Published Feb 7, 2024· Updated Apr 8, 2026

CVE-2024-1110

Description

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.

Affected products

Podlove/Podlove Podcast Publisher
cpe:2.3:a:podlove:podlove_podcast_publisher:*:*:*:*:*:wordpress:*:*
Range: <=4.0.11

Patches

7873ff520631

https://github.com/podlove/podlove-publishervia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/podlove/podlove-publisher/commit/7873ff520631087e2f10737860cdcd64d53187banvdPatch
plugins.trac.wordpress.org/changesetnvdPatch
www.wordfence.com/threat-intel/vulnerabilities/id/2c9cf461-572c-4be8-96e6-659acf3208f3nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000