3 matches found
WordPress PowerPress Podcasting Plugin < 11.0.12 is vulnerable to Cross Site Scripting (XSS)
Software PowerPress Podcasting Type Plugin Vulnerable versions 11.0.12 Fixed in 11.0.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4820 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 083d4289c26f Credits emad Required...
CVE-2023-4820 PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin...
CVE-2023-4820
CVE-2023-4820 affects the PowerPress Podcasting plugin for WordPress (Blubrry) prior to version 11.0.12. The issue is that the plugin does not sanitize/escape the media URL field in posts, enabling stored cross-site scripting when a user with as little as contributor privileges posts content. The...