Open gerbsen opened 10 months ago
Hey Gerbsen, thanks for the report. We are already aware of this report and trying to get more information about the potential security issue.
Any progress with the security issue?
The original source of this vulnerability is still not disclosed (see https://patchstack.com/database/vulnerability/podlove-web-player/wordpress-podlove-web-player-plugin-5-7-1-broken-access-control-vulnerability). Also the assigned CVE (https://www.cve.org/CVERecord?id=CVE-2023-47691) doesn't provide any information to resolve it :/
I've got the information on what needs to be fixed and prepared a fix, will ping back patchstack about this.
Hey there, today my Wordfence plugin for WordPress gave me the following message during its routine scan, which got me a bit scared.
More info on the CVE can be found here. According to Wordfence the Webplayer:
What should I do? Disable the plugin for now? Will there be a patch available? Can I somehow block the attack any other way? Thank you for any info on the matter!