CVE-2026-2988

CVE-2026-2988 affects the Blubrry PowerPress WordPress plugin. Versions up to and including 11.15.15 are vulnerable to Stored Cross-Site Scripting via the powerpress and podcast shortcodes due to insufficient input sanitization and output escaping. Exploitation is possible by authenticated attack...

CVE-2026-32351

CVE-2026-32351 affects the WordPress PowerPress Podcasting plugin (PowerPress)

CVE-2026-32351 WordPress PowerPress Podcasting plugin <= 11.15.13 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in blubrry PowerPress Podcasting powerpress allows Stored XSS.This issue affects PowerPress Podcasting: from n/a through = 11.15.13...

CVE-2026-23798 WordPress PowerPress Podcasting plugin <= 11.15.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through = 11.15.10...

WordPress PowerPress Podcasting plugin <= 11.15.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin PowerPress Podcasting versions = 11.15.10...

CVE-2025-13536

The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 11.15.2. This is due to the plugin validating file extensions but not halting execution when validation fails in the...

EUVD-2021-11037

Malware in sbrugna...

EUVD-2024-54401

Malicious code in bioql PyPI...

EUVD-2023-24105

Malicious code in bioql PyPI...

EUVD-2023-54663

Malicious code in bioql PyPI...

WordPress PowerPress Podcasting plugin <= 11.9.17 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by Krugov Artyom in WordPress Plugin PowerPress Podcasting versions = 11.9.17...

CVE-2024-9543

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-6588

The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘mediaurl’ parameter in all versions up to, and including, 11.9.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-1917

The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

CVE-2024-9227

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

WordPress PowerPress Podcasting plugin <= 11.12.6 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery SSRF Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin PowerPress Podcasting versions = 11.12.6...

CVE-2024-9543

PowerPress Podcasting plugin for WordPress (Blubrry) is affected by a Stored Cross‑Site Scripting (XSS) vulnerability via the skipto shortcode in all versions up to 11.9.18. The root cause is insufficient input sanitization and output escaping of user-supplied attributes, allowing authenticated a...

WordPress Powerpress plugin <= 11.9.18 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Jack Taylor in WordPress Plugin PowerPress Podcasting versions = 11.9.18...

PT-2024-39688 · Blubrry · Powerpress Podcasting Plugin

Name of the Vulnerable Software and Affected Versions: PowerPress Podcasting plugin by Blubrry plugin for WordPress versions up to, and including, 11.9.18 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode due to insufficient input sanitization an...

WordPress PowerPress Podcasting plugin by Blubrry plugin <= 11.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via media_url Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via mediaurl Parameter vulnerability discovered by Webbernaut in WordPress Plugin PowerPress Podcasting versions = 11.9.10...