CVE-2024-49763

Description

PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s Plex login. This vulnerability is fixed in 0.24.0.

Weakness Type (CWE)

CWE-942 CWE-942

References

Other References

https://github.com/PlexRipper/PlexRipper/commit/184074644a1f5a8ac59519929a9c4b92280fb2a1 https://securitylab.github.com/advisories/GHSL-2024-305_PlexRipper/

Frequently Asked Questions

What is CVE-2024-49763? +

PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s Plex login. This vulnerability is fixed in 0.24.0.

How do I check if I'm vulnerable to CVE-2024-49763? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-41010

Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in …

CVE-2020-36851

Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to …

CVE-2025-57755

claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper …

CVE-2025-41366

In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability …

CVE-2025-41363