CVE-2025-1383

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajaxtranscriptdelete function. This makes it possible for unauthenticated attackers to delete...

WordPress Podlove Podcast Publisher plugin <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function vulnerability

Cross-Site Request Forgery via ajaxtranscriptdelete Function vulnerability discovered by Abbas Mamoun in WordPress Plugin Podlove Podcast Publisher versions = 4.2.2...