CVE-2024-0828

MEDIUM

Play.ht - WordPress <3.6.4 - Privilege Escalation

Title source: llm

Description

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber access or higher, to delete, retrieve, or modify post metadata, retrieve the contents of protected posts, modify conversion data, and delete article audio.

Scores

CVSS v3 5.4
EPSS 0.0036
EPSS Percentile 28.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
hammadh/play.ht < 3.6.4
hammadh/Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio < 3.6.4
Published Mar 13, 2024
Tracked Since Feb 18, 2026