10 matches found
CVE-2026-32448
The CVE-2026-32448 entry concerns the WordPress Podlove Podcast Publisher plugin (podlove-podcasting-plugin-for-wordpress) with versions
WordPress Podlove Web Player plugin <= 5.9.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by PPzzAArr in WordPress Plugin Podlove Web Player versions <= 5.9.1...
CVE-2025-62908
CVE-2025-62908 is associated with a Missing Authorization vulnerability in Podlove Web Player (podlove-web-player), allowing access to functionality not properly constrained by ACLs. A Red Hat advisory describes the issue as missing authorization in Podlove Web Player with impact on Podlove Web P...
WordPress Podlove Podcast Publisher Plugin <= 4.1.13 is vulnerable to Cross Site Scripting (XSS)
Software: Podlove Podcast Publisher; Type: Plugin; Vulnerable versions: <= 4.1.13; Fixed in: 4.1.14; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-43983; Patch priority: Low; CVSS severity: Low 6.5; PSID: 71f42a372118; Credits: Muhammad Daffa; Required...
WordPress Podlove Web Player plugin <= 5.7.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Peng Zhou (Patchstack Alliance) in WordPress Plugin Podlove Web Player versions <= 5.7.3...
WordPress Podlove Web Player Plugin <= 5.7.3 is vulnerable to Sensitive Data Exposure
Software: Podlove Web Player; Type: Plugin; Vulnerable versions: <= 5.7.3; Fixed in: 5.7.4; OWASP Top 10: A1: Broken Access Control; Classification: Sensitive Data Exposure; CVE: CVE-2024-35710; Patch priority: Low; CVSS severity: Low 5.3; PSID: 7b2985bdf410; Credits: Peng Zhou; Required...
WordPress Podlove Podcast Publisher Plugin <= 4.0.12 is vulnerable to SQL Injection
Software: Podlove Podcast Publisher; Type: Plugin; Vulnerable versions: <= 4.0.12; Fixed in: 4.0.14; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-32139; Patch priority: Low; CVSS severity: Low 8.5; PSID: d7f41e298937; Credits: Peng Zhou; Required privilege...
WordPress Podlove Podcast Publisher Plugin <= 3.8.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Podlove Podcast Publisher; Type: Plugin; Vulnerable versions: <= 3.8.3; Fixed in: 3.8.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25472; Patch priority: Low; CVSS severity: Low 4.3; PSID: 1974c1ffec51; Credits: yuyudhn...
WordPress Podlove Podcast Publisher Plugin <= 3.8.2 is vulnerable to Cross Site Scripting (XSS)
Software: Podlove Podcast Publisher; Type: Plugin; Vulnerable versions: <= 3.8.2; Fixed in: 3.8.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25046; Patch priority: Low; CVSS severity: Low 5.9; PSID: 491cd1d794bf; Credits: yuyudhn...
WordPress Podlove Podcast Publisher plugin <=2.5.3 - SQL injection (SQLi) vulnerability
SQL injection (SQLi) vulnerability found by Neven Biruski in WordPress Podlove Podcast Publisher plugin version 2.5.3 and earlier versions. This vulnerability allows registered users to get access to the database even if they don't have full administrator rights. Moreover, Cross Site request forgery...