WordPress Podcast Subscribe Buttons plugin <= 1.4.1 - Stored Cross-Site Scripting (XSS) vulnerability

2021-09-1500:00:00

apple502j

patchstack.com

0.001 Low

EPSS

Percentile

24.9%

Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Podcast Subscribe Buttons plugin (versions <= 1.4.1).

Solution

           Update the WordPress Podcast Subscribe Buttons plugin to the latest available version (at least 1.4.2).

CPENameOperatorVersion
podcast subscribe buttonsle1.4.1

CPE	Name	Operator	Version
	podcast subscribe buttons	le	1.4.1

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24743

wordpress.org/plugins/podcast-subscribe-buttons/#developers

wpscan.com/vulnerability/998395f0-f176-45b9-baf7-b50d30538c7d

0.001 Low

EPSS

Percentile

24.9%

Related for PATCHSTACK:BA06C82632A88A89DCE7B7B9A0E24C8A