CVE-2026-4084

The fyyd podcast shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fyyd-podcast', 'fyyd-episode', and 'fyyd' shortcodes in all versions up to, and including, 0.3.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode...

CVE-2026-27058

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Podcast penci-podcast allows DOM-Based XSS.This issue affects Penci Podcast: from n/a through = 1.7...

CVE-2026-27058

The CVE-2026-27058 entry concerns the WordPress Penci Podcast plugin (versions up to 1.7). The vulnerability is a client-side DOM-based Cross-Site Scripting (XSS) flaw caused by improper neutralization of input during web page generation. Affected component is the plugin in the WordPress environm...

PT-2026-20764

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Podcast penci-podcast allows DOM-Based XSS.This issue affects Penci Podcast: from n/a through = 1.7...

WordPress Penci Podcast plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Podcast versions = 1.7...

CVE-2025-59584 WordPress Penci Podcast Plugin <= 1.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PenciDesign Penci Podcast penci-podcast allows DOM-Based XSS.This issue affects Penci Podcast: from n/a through = 1.6...

WordPress Penci Podcast Plugin <= 1.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Penci Podcast versions = 1.6...

CVE-2023-6444

The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address which by default is the admin email address via an unauthenticated crafted request...

WordPress Podcast Box – Best Podcasting Plugin for WordPress Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Podcast Box – Best Podcasting Plugin for WordPress Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d354f1d1cff6 Credits...