cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-0827,https://securityvulnerability.io/vulnerability/CVE-2024-0827,Cross-Site Request Forgery Vulnerability Affects The Play.ht Text to Speech Audio Plugin for WordPress,"The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Play.ht – Make Your Blog Posts Accessible With Text To Speech Audio,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-13T15:27:19.345Z,0
CVE-2024-1772,https://securityvulnerability.io/vulnerability/CVE-2024-1772,PHP Object Injection Vulnerability in Play.ht Plugin for WordPress by Play.ht,"The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is susceptible to PHP Object Injection due to the deserialization of untrusted input from the play_podcast_data post meta. Authenticated attackers with contributor-level access or higher can exploit this vulnerability to inject a PHP Object. While no known Property-Oriented Programming (POP) chain is evident within the vulnerable plugin, if a POP chain exists through an additional plugin or theme installed on the WordPress site, the risk escalates. Attackers may potentially delete arbitrary files, extract sensitive information, or execute malicious code, compromising the integrity and safety of the WordPress environment.",Wordpress,Play.ht – Make Your Blog Posts Accessible With Text To Speech Audio,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-13T15:27:01.811Z,0
CVE-2024-0828,https://securityvulnerability.io/vulnerability/CVE-2024-0828,Unauthorized Access Vulnerability in Play.ht Plugin for WordPress,"The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress has a vulnerability that allows authenticated attackers, with subscriber access or higher, to bypass functionality safeguards. A missing capability check on several critical functions exposes sensitive operations—such as modifying post metadata, accessing content from protected posts, and deleting audio files—making it essential for users to update their plugin to protect against exploitation.",Wordpress,Play.ht – Make Your Blog Posts Accessible With Text To Speech Audio,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-13T15:26:49.694Z,0