31 matches found
CVE-2023-25481
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions...
CVE-2023-25479
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions...
EUVD-2023-29436
Malicious code in bioql PyPI...
CVE-2025-58227
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Lueken Podlove Subscribe button podlove-subscribe-button allows Stored XSS. This issue affects Podlove Subscribe button: from n/a through <= 1.3.11...
CVE-2025-58227
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Lueken Podlove Subscribe button podlove-subscribe-button allows Stored XSS. This issue affects Podlove Subscribe button: from n/a through <= 1.3.11...
WordPress Podlove Subscribe button Plugin <= 1.3.11 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by zaim in WordPress Plugin Podlove Subscribe button versions <= 1.3.11...
CVE-2025-58227 WordPress Podlove Subscribe button Plugin <= 1.3.11 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Lueken Podlove Subscribe button podlove-subscribe-button allows Stored XSS. This issue affects Podlove Subscribe button: from n/a through <= 1.3.11...
CVE-2025-58227 WordPress Podlove Subscribe button Plugin <= 1.3.11 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Lueken Podlove Subscribe button podlove-subscribe-button allows Stored XSS. This issue affects Podlove Subscribe button: from n/a through <= 1.3.11...
CVE-2025-58227
CVE-2025-58227: Stored XSS in Podlove Subscribe button for WordPress due to improper input neutralization during page generation. Affected: Podlove Subscribe button plugin up to version 1.3.11 (vulnerable line items). Remediation: patch released (plugin update to fix the issue). The entry is back...
WordPress plugin Podlove Subscribe button cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-38892
Name of the Vulnerable Software and Affected Versions: Podlove Subscribe button versions through 1.3.11. Description: The Podlove Subscribe button software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting issue. This allows for...
CVE-2024-1118
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2024-1118
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2024-1118
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient...
SQL injection
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2024-1118 Podlove Subscribe button <= 1.3.10 - Authenticated (Contributor+) SQL Injection
The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient...
WordPress Podlove Subscribe button Plugin <= 1.3.10 is vulnerable to SQL Injection
Software: Podlove Subscribe button | Type: Plugin | Vulnerable versions: <= 1.3.10 | Fixed in: 1.3.11 | OWASP Top 10: A1: Injection | Classification: SQL Injection | CVE: CVE-2024-1118 | Patch priority: Low | CVSS severity: Low 8.5 | Developer: Claim ownership | PSID: fcca748172f2 | Credits: Lucio Sá | Required privilege: Contributor...
CVE-2023-25481
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions...
CVE-2023-25481
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions...
CVE-2023-25481 WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions...