Vulnerability in Seriously Simple Podcasting

CVE-2023-6444

The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.

EPSS: 0.614 (98.3th percentile)

Affected products

  • Unknown Seriously Simple Podcasting — versions 0

Frequently asked questions

What is CVE-2023-6444?

CVE-2023-6444 is a vulnerability in Seriously Simple Podcasting, classified under CWE-201 (Insertion of Sensitive Information Into Sent Data). It was published on 2024-03-11.

Is CVE-2023-6444 known to be exploited?

4 public proof-of-concept repositories are indexed. The CVE is not currently listed in the CISA KEV catalog.