Lucene search
K

312 matches found

Nuclei
Nuclei
added yesterday104 views

WordPress Podlove Podcast Publisher <3.5.6 - SQL Injection

WordPress Podlove Podcast Publisher plugin before 3.5.6 is susceptible to SQL injection. The Social & Donations module, not activated by default, adds the REST route /services/contributor/?P\d+ and takes id and category parameters as arguments. Both parameters can be exploited, thereby potentiall...

9.8CVSS7.1AI score0.09404EPSS
Exploits2References4
CVE
CVE
added 2 days ago11 views

CVE-2026-13001

Affected software : Podlove Podcast Publisher for WordPress. Vulnerability : arbitrary file uploads caused by missing file type validation in the podlove_handle_cache_files function, affecting all versions up to and including 4.5.1. Impact : unauthenticated attackers could upload arbitrary files ...

9.8CVSS6.5AI score0.01079EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-58720

Name of the Vulnerable Software and Affected Versions Podlove Podcast Publisher versions prior to 4.5.2 Description Missing file type validation in the podlove handle cache files function allows unauthenticated attackers to upload arbitrary files to the server. This flaw in the image cache can le...

9.8CVSS6.4AI score0.01079EPSS
Exploits2References6
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.4 views

CVE-2026-32448

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through = 4.3.3...

6.5CVSS5.8AI score0.00133EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/13 9:31 p.m.4 views

EUVD-2026-11995

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through = 4.3.3...

6.5CVSS5.8AI score0.00133EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:55 p.m.4 views

CVE-2026-32448

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through = 4.3.3...

6.5CVSS0.00133EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.7 views

CVE-2026-32448

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through = 4.3.3...

5.8AI score0.00133EPSS
Exploits0References2
CVE
CVE
added 2026/03/13 11:42 a.m.10 views

CVE-2026-32448

The CVE-2026-32448 entry concerns the WordPress Podlove Podcast Publisher plugin (podlove-podcasting-plugin-for-wordpress) with versions

6.5CVSS5.8AI score0.00133EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/13 11:42 a.m.26 views

CVE-2026-32448 WordPress Podlove Podcast Publisher plugin <= 4.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through = 4.3.3...

6.5CVSS0.00133EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/13 11:42 a.m.1 views

CVE-2026-32448 WordPress Podlove Podcast Publisher plugin <= 4.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through = 4.3.3...

6.5CVSS5.8AI score0.00133EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.10 views

PT-2026-25292

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through = 4.3.3...

6.5CVSS5.8AI score0.00133EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.10 views

WordPress plugin Podlove Podcast Publisher 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.7AI score0.00133EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/08 8:21 p.m.6 views

WordPress Podlove Podcast Publisher plugin <= 4.3.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Podlove Podcast Publisher versions = 4.3.3...

6.5CVSS5.8AI score0.00133EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/06 7:54 a.m.8 views

CVE-2026-24385

Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through = 5.9.1...

7.5CVSS5.8AI score0.00291EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/05 6:30 a.m.7 views

EUVD-2026-9600

Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through = 5.9.1...

5.9AI score0.00291EPSS
Exploits0References2
NVD
NVD
added 2026/03/05 6:16 a.m.6 views

CVE-2026-24385

Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through = 5.9.1...

7.5CVSS0.00291EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 5:53 a.m.34 views

CVE-2026-24385 WordPress Podlove Web Player plugin <= 5.9.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through = 5.9.1...

7.5CVSS0.00291EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:53 a.m.4 views

CVE-2026-24385 WordPress Podlove Web Player plugin <= 5.9.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through = 5.9.1...

7.5CVSS5.8AI score0.00291EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:53 a.m.4 views

CVE-2026-24385

Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through = 5.9.1...

5.9AI score0.00291EPSS
Exploits0References2
CVE
CVE
added 2026/03/05 5:53 a.m.16 views

CVE-2026-24385

CVE-2026-24385 affects Podlove Web Player (WordPress Podlove Web Player plugin) 5.9.1) or applying vendor-supplied patch as soon as available.

7.5CVSS5.9AI score0.00291EPSS
Exploits0References1
Rows per page
Query Builder