44 matches found
WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection
WordPress Podlove Podcast Publisher plugin before 3.5.6 is susceptible to SQL injection. The Social & Donations module, not activated by default, adds the REST route /services/contributor/?P\d+ and takes id and category parameters as arguments. Both parameters can be exploited, thereby potentiall...
CVE-2026-32351
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows Stored XSS. This issue affects PowerPress Podcasting: from n/a through <= 11.15.13...
CVE-2026-24360 WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery. This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1...
CVE-2023-4820
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin...
CVE-2016-10942
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insertid parameter exploitable via CSRF...
CVE-2025-66061
Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0...
CVE-2025-66061 WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0...
CVE-2025-62882
Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0...
EUVD-2016-1933
Malware in sbrugna...
EUVD-2024-47653
Malicious code in bioql PyPI...
EUVD-2023-57652
Malicious code in bioql PyPI...
EUVD-2023-45756
Malicious code in bioql PyPI...
EUVD-2023-35140
Malicious code in bioql PyPI...
CVE-2023-5335
The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'buzzsprout' shortcode in versions up to, and including, 1.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2023-30778
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin <= 10.0.1 versions...
CVE-2016-10941
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF...
CVE-2015-9410
The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter...
CVE-2024-9227
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2024-9227
The CVE concerns the WordPress PowerPress Podcasting plugin by Blubrry (versions prior to 11.9.18). The issue is insufficient sanitization/escaping of certain podcast settings when adding a podcast, enabling Stored Cross-Site Scripting (XSS) attacks and affecting admin users, even with unfiltered...