CVE-2025-10147
Podlove Podcast Publisher (WordPress) is affected by CVE-2025-10147 due to missing file type validation in move_as_original_file, allowing unauthenticated arbitrary file uploads and possible remote code execution in all versions up to 4.2.6. The vulnerability is mitigated by upgrading to 4.2.6 or...