CVE-2024-49763

Description

PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s Plex login. This vulnerability is fixed in 0.24.0.

Weakness Type (CWE)

CWE-942 CWE-942

References

Other References

https://github.com/PlexRipper/PlexRipper/commit/184074644a1f5a8ac59519929a9c4b92280fb2a1 https://securitylab.github.com/advisories/GHSL-2024-305_PlexRipper/

Frequently Asked Questions

What is CVE-2024-49763? +

PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s Plex login. This vulnerability is fixed in 0.24.0.

How do I check if I'm vulnerable to CVE-2024-49763? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-57755

claude-code-router is a powerful tool to route Claude Code requests to different models and customize any request. Due to improper …

CVE-2020-36851

Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to …

CVE-2024-53276

Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, an open CORS …

CVE-2025-41363

In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability …

CVE-2025-41366