CVE-2023-6444

MEDIUM NUCLEI

Seriously Simple Podcasting <3.0.0 - Info Disclosure


Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-6444. PoCs published by Wayne-Ker. A Nuclei detection template is also available.

AI-analyzed exploit summary: This PoC exploits CVE-2023-6444, an unauthenticated administrator email disclosure vulnerability in the Seriously Simple Podcasting WordPress plugin. It checks the plugin version and extracts the admin email from the iTunes feed if the site is vulnerable.

Description

The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.

Exploits (1)

nomisec WORKING POC
by Wayne-Ker · poc
https://github.com/Wayne-Ker/CVE-2023-6444-POC

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Seriously Simple Podcasting WordPress plugin < 3.0.0
No auth needed
Prerequisites: Target must have the Seriously Simple Podcasting plugin installed and accessible · Plugin version must be < 3.0.0
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

Seriously Simple Podcasting < 3.0.0 - Information Disclosure
MEDIUM · VERIFIED · by s4e-io

References (1)

Core References
Exploit, Third Party Advisory · exploit · vdb-entry · technical-description
https://wpscan.com/vulnerability/061c59d6-f4a0-4cd1-b945-5e92b9c2b4aa/

Scores

CVSS v3 5.3
EPSS 0.0246
EPSS Percentile 82.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

Status published
Products (1)
castos/seriously_simple_podcasting < 3.0.0
Published Mar 11, 2024
Tracked Since Feb 18, 2026