CVE-2026-12098

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'embed' Episode Meta Field in all versions up to, and including, 11.16.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

EUVD-2026-37862

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'embed' Episode Meta Field in all versions up to, and including, 11.16.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

CVE-2026-12098 PowerPress Podcasting plugin by Blubrry <= 11.16.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'embed' Episode Meta Field

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'embed' Episode Meta Field in all versions up to, and including, 11.16.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

CVE-2026-12098

CVE-2026-12098 affects the WordPress PowerPress Podcasting plugin by Blubrry up to version 11.16.8. The vulnerability is a Stored Cross-Site Scripting via the embed Episode Meta Field, caused by insufficient input sanitization and output escaping. The embed value is stored with update_post_meta()...

WordPress PowerPress Podcasting plugin by Blubrry plugin <= 11.16.8 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Mukhlis Amien in WordPress Plugin PowerPress Podcasting versions = 11.16.8...

CVE-2026-24637 WordPress PowerPress Podcasting plugin <= 11.15.10 - SQL Injection vulnerability

Contributor SQL Injection in PowerPress Podcasting = 11.15.10 versions...

CVE-2026-2988

CVE-2026-2988 affects the Blubrry PowerPress WordPress plugin. Versions up to and including 11.15.15 are vulnerable to Stored Cross-Site Scripting via the powerpress and podcast shortcodes due to insufficient input sanitization and output escaping. Exploitation is possible by authenticated attack...

CVE-2026-32351

CVE-2026-32351 affects the WordPress PowerPress Podcasting plugin (PowerPress)

CVE-2026-32351 WordPress PowerPress Podcasting plugin <= 11.15.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in blubrry PowerPress Podcasting powerpress allows Stored XSS.This issue affects PowerPress Podcasting: from n/a through = 11.15.13...

CVE-2026-23798 WordPress PowerPress Podcasting plugin <= 11.15.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through = 11.15.10...

WordPress PowerPress Podcasting plugin <= 11.15.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin PowerPress Podcasting versions = 11.15.10...

CVE-2025-13536

The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 11.15.2. This is due to the plugin validating file extensions but not halting execution when validation fails in the...

EUVD-2021-11037

Malware in sbrugna...

EUVD-2024-54401

Malicious code in bioql PyPI...

EUVD-2023-24105

Malicious code in bioql PyPI...

EUVD-2023-54663

Malicious code in bioql PyPI...

WordPress PowerPress Podcasting plugin <= 11.9.17 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Krugov Artyom in WordPress Plugin PowerPress Podcasting versions = 11.9.17...

CVE-2024-9543

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-6588

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘mediaurl’ parameter in all versions up to, and including, 11.9.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-1917

The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...