Lucene search
+L

37 matches found

osv
osv
added 2025/05/15 8:16 p.m.3 views

CVE-2024-9227

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00266EPSS
Exploits1References1
patchstack
patchstack
added 2025/04/09 3:25 p.m.6 views

WordPress PowerPress Podcasting plugin <= 11.12.6 - Server Side Request Forgery (SSRF) Vulnerability

Server Side Request Forgery SSRF Vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin PowerPress Podcasting versions = 11.12.6...

4.9CVSS8.2AI score0.00246EPSS
Exploits0Affected Software1
cve
cve
added 2024/10/11 5:33 a.m.51 views

CVE-2024-9543

PowerPress Podcasting plugin for WordPress (Blubrry) is affected by a Stored Cross‑Site Scripting (XSS) vulnerability via the skipto shortcode in all versions up to 11.9.18. The root cause is insufficient input sanitization and output escaping of user-supplied attributes, allowing authenticated a...

6.4CVSS5.9AI score0.00333EPSS
Exploits0References5
patchstack
patchstack
added 2024/10/10 5:20 p.m.4 views

WordPress Powerpress plugin <= 11.9.18 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Jack Taylor in WordPress Plugin PowerPress Podcasting versions = 11.9.18...

6.4CVSS5.7AI score0.00333EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2024/10/10 12:0 a.m.4 views

PT-2024-39688 · Blubrry · Powerpress Podcasting Plugin

Name of the Vulnerable Software and Affected Versions: PowerPress Podcasting plugin by Blubrry plugin for WordPress versions up to, and including, 11.9.18 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode due to insufficient input sanitization an...

6.4CVSS5.9AI score0.00333EPSS
Exploits0References8
patchstack
patchstack
added 2024/07/12 7:34 a.m.6 views

WordPress PowerPress Podcasting plugin by Blubrry plugin <= 11.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via media_url Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via mediaurl Parameter vulnerability discovered by Webbernaut in WordPress Plugin PowerPress Podcasting versions = 11.9.10...

6.4CVSS5.8AI score0.00387EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2024/07/12 12:0 a.m.5 views

WordPress plugin PowerPress Podcasting plugin by Blubrry Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin PowerPress...

6.4CVSS6.1AI score0.00387EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2024/07/12 12:0 a.m.6 views

PT-2024-37740 · Blubrry · Powerpress Podcasting Plugin

Name of the Vulnerable Software and Affected Versions: PowerPress Podcasting plugin by Blubrry plugin for WordPress versions up to, and including, 11.9.10 Description: The issue is related to Reflected Cross-Site Scripting via the media url parameter due to insufficient input sanitization and...

6.4CVSS6.5AI score0.00387EPSS
Exploits0References7
osv
osv
added 2023/11/13 3:15 a.m.4 views

CVE-2023-41239

Server-Side Request Forgery SSRF vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6...

6.5CVSS5.8AI score0.00381EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/11/13 12:0 a.m.6 views

WordPress Plugin PowerPress Podcasting plugin by Blubrry Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin PowerPress...

6.5CVSS6.6AI score0.00381EPSS
Exploits0References2
osv
osv
added 2023/10/16 8:15 p.m.5 views

CVE-2023-4820

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin...

5.4CVSS5.7AI score0.00403EPSS
Exploits2References1
cnnvd
cnnvd
added 2023/08/15 12:0 a.m.4 views

WordPress plugin PowerPress Podcasting plugin by Blubrry Cross-site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin PowerPress...

5.5CVSS5.8AI score0.00344EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2023/06/09 5:33 a.m.15 views

CVE-2023-1917 PowerPress <= 10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

5.4CVSS6.8AI score0.00529EPSS
Exploits1References5
cnnvd
cnnvd
added 2023/06/09 12:0 a.m.10 views

WordPress Plugin PowerPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.4CVSS6.8AI score0.00529EPSS
Exploits1References5
osv
osv
added 2021/03/18 3:15 p.m.4 views

CVE-2021-24123

Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images such as the ones from Podcast Artwork section, allowing high privilege accounts admin+ being able to upload arbitrary files, such as php, leading to RCE...

7.2CVSS7.2AI score0.01647EPSS
Exploits2References1
patchstack
patchstack
added 2020/10/11 12:0 a.m.15 views

WordPress PowerPress Podcasting plugin <= 8.3.7 - Authenticated Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability

Authenticated Arbitrary File Upload leading to Remote Code Execution RCE vulnerability found by Minh Tuan SunCSR in WordPress PowerPress Podcasting plugin versions = 8.3.7. Solution Update the WordPress PowerPress Podcasting plugin by Blubrry to the latest available version at least 8.3.8...

5.8AI score
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2015/02/02 12:0 a.m.9 views

PT-2015-5258 · Blubrry · Blubrry Powerpress Podcasting Plugin

Name of the Vulnerable Software and Affected Versions: Blubrry PowerPress Podcasting plugin versions prior to 6.0.1 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a "powerpress-editcategoryfeed" action in the "powerpressadmin...

4.3CVSS5.4AI score0.02237EPSS
Exploits3References8
Rows per page
Query Builder