23 matches found
CVE-2025-64201
Cross-Site Request Forgery CSRF vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery.This issue affects PowerPress Podcasting: from n/a through = 11.13.12...
EUVD-2023-54663
Malicious code in bioql PyPI...
CVE-2023-41239
Server-Side Request Forgery SSRF vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6...
CVE-2024-9227
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2024-9227 PowerPress Podcasting < 11.9.18 - Author+ XSS
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2024-9230
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks...
PT-2025-16205 · Blubrry · Powerpress Podcasting Plugin
Name of the Vulnerable Software and Affected Versions: PowerPress Podcasting plugin by Blubrry WordPress plugin versions prior to 11.9.18 Description: The issue is related to the PowerPress Podcasting plugin by Blubrry WordPress plugin, which does not properly sanitise and escape some of its...
CVE-2024-6588 PowerPress Podcasting plugin by Blubrry <= 11.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via media_url Parameter
The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘mediaurl’ parameter in all versions up to, and including, 11.9.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-6588
CVE-2024-6588 concerns the PowerPress Podcasting plugin for WordPress. The vulnerability is a Reflected Cross-Site Scripting flaw in the media_url parameter present in all versions up to and including 11.9.10, caused by insufficient input sanitization and output escaping. It enables unauthenticat...
CVE-2024-6588 PowerPress Podcasting plugin by Blubrry <= 11.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via media_url Parameter
The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘mediaurl’ parameter in all versions up to, and including, 11.9.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
WordPress plugin PowerPress Podcasting plugin by Blubrry Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin PowerPress...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6...
CVE-2023-41239
PowerPress Plugin by Blubrry (CVE-2023-41239) is affected by an authenticated SSRF via the powerpress_media_info AJAX action. The issue affects PowerPress versions up to 11.0.6 and is mitigated by upgrading to 11.0.7. Exploitation requires at least Contributor-level access (Authenticated), with t...
Code injection
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin...
CVE-2023-4820
CVE-2023-4820 affects the PowerPress Podcasting plugin for WordPress (Blubrry) prior to version 11.0.12. The issue is that the plugin does not sanitize/escape the media URL field in posts, enabling stored cross-site scripting when a user with as little as contributor privileges posts content. The...
CVE-2023-30778 WordPress PowerPress Podcasting Plugin <= 10.0.1 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin = 10.0.1 versions...
CVE-2023-30778 WordPress PowerPress Podcasting Plugin <= 10.0.1 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin = 10.0.1 versions...
WordPress PowerPress 10.0 Cross Site Scripting Vulnerability
On April 5, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in Blubrry’s PowerPress plugin, which is actively installed on more than 50,000 WordPress websites. The vulnerability enables threat...
Blubrry Addresses Authenticated Stored XSS Vulnerability in PowerPress WordPress Plugin
On April 5, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in Blubrry’s PowerPress plugin, which is actively installed on more than 50,000 WordPress websites. The vulnerability enables threat...
WordPress PowerPress Podcasting plugin <= 8.3.7 - Authenticated Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability
Authenticated Arbitrary File Upload leading to Remote Code Execution RCE vulnerability found by Minh Tuan SunCSR in WordPress PowerPress Podcasting plugin versions = 8.3.7. Solution Update the WordPress PowerPress Podcasting plugin by Blubrry to the latest available version at least 8.3.8...