Podlove Web Player Vulnerability

mhuelskoetter · November 17, 2023, 3:45pm

Since yesterday, my MalCare dashboard shows the following message:

Category:PLUGIN

Versions-Affected:<= 5.7.1

Type:Access Controls

Severity:MEDIUM

Description:Mika discovered and reported this Broken Access Control vulnerability in WordPress Podlove Web Player Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has not been known to be fixed yet.

What does it mean exactly?

BR
Mike

ericteubert · November 17, 2023, 6:04pm

We have been trying to reach the security platform for days without success so far.

Closing because duplicate of Podlove Web Player <= 5.7.1 - Missing Authorization