37 matches found
CVE-2024-9227
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress PowerPress Podcasting plugin <= 11.12.6 - Server Side Request Forgery (SSRF) Vulnerability
Server Side Request Forgery SSRF Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin PowerPress Podcasting versions = 11.12.6...
CVE-2024-9543
PowerPress Podcasting plugin for WordPress (Blubrry) is affected by a Stored Cross‑Site Scripting (XSS) vulnerability via the skipto shortcode in all versions up to 11.9.18. The root cause is insufficient input sanitization and output escaping of user-supplied attributes, allowing authenticated a...
WordPress Powerpress plugin <= 11.9.18 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Jack Taylor in WordPress Plugin PowerPress Podcasting versions = 11.9.18...
PT-2024-39688 · Blubrry · Powerpress Podcasting Plugin
Name of the Vulnerable Software and Affected Versions: PowerPress Podcasting plugin by Blubrry plugin for WordPress versions up to, and including, 11.9.18 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode due to insufficient input sanitization an...
WordPress PowerPress Podcasting plugin by Blubrry plugin <= 11.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via media_url Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via mediaurl Parameter vulnerability discovered by Webbernaut in WordPress Plugin PowerPress Podcasting versions = 11.9.10...
WordPress plugin PowerPress Podcasting plugin by Blubrry Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin PowerPress...
PT-2024-37740 · Blubrry · Powerpress Podcasting Plugin
Name of the Vulnerable Software and Affected Versions: PowerPress Podcasting plugin by Blubrry plugin for WordPress versions up to, and including, 11.9.10 Description: The issue is related to Reflected Cross-Site Scripting via the media url parameter due to insufficient input sanitization and...
CVE-2023-41239
Server-Side Request Forgery SSRF vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6...
WordPress Plugin PowerPress Podcasting plugin by Blubrry Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin PowerPress...
CVE-2023-4820
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin...
WordPress plugin PowerPress Podcasting plugin by Blubrry Cross-site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin PowerPress...
CVE-2023-1917 PowerPress <= 10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
WordPress Plugin PowerPress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2021-24123
Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images such as the ones from Podcast Artwork section, allowing high privilege accounts admin+ being able to upload arbitrary files, such as php, leading to RCE...
WordPress PowerPress Podcasting plugin <= 8.3.7 - Authenticated Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability
Authenticated Arbitrary File Upload leading to Remote Code Execution RCE vulnerability found by Minh Tuan SunCSR in WordPress PowerPress Podcasting plugin versions = 8.3.7. Solution Update the WordPress PowerPress Podcasting plugin by Blubrry to the latest available version at least 8.3.8...
PT-2015-5258 · Blubrry · Blubrry Powerpress Podcasting Plugin
Name of the Vulnerable Software and Affected Versions: Blubrry PowerPress Podcasting plugin versions prior to 6.0.1 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a "powerpress-editcategoryfeed" action in the "powerpressadmin...