14 matches found
CVE-2023-5308
The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcastsubscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Cross site scripting
The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcastsubscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-5308 Podcast Subscribe Buttons <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcastsubscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-5308 Podcast Subscribe Buttons <= 1.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcastsubscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress Plugin Podcast Subscribe Buttons Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-32028 · WordPress · Podcast Subscribe Buttons
Name of the Vulnerable Software and Affected Versions: Podcast Subscribe Buttons plugin for WordPress versions up to, and including, 1.4.8. Description: The issue is related to Stored Cross-Site Scripting via the 'podcast subscribe' shortcode due to insufficient input sanitization and output...
WordPress Podcast Subscribe Buttons Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: Podcast Subscribe Buttons; Type: Plugin; Vulnerable versions: <= 1.4.8; Fixed in: 1.4.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5308; Patch priority: Low; CVSS severity: Low (6.5); PSID: 8270a6ea885e; Credits: Lana Codes...
WordPress Podcast Subscribe Buttons plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress Podcast Subscribe Buttons plugin in versions prior to 1.4.2, which stems from a lack of checksum filtering of user-supplied data and output...
CVE-2021-24743
The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS...
CVE-2021-24743
The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS...
Cross site scripting
The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS...
CVE-2021-24743 Podcast Subscribe Buttons < 1.4.2 - Contributor+ Stored XSS
The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS...
WordPress Podcast Subscribe Buttons plugin <= 1.4.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Podcast Subscribe Buttons plugin versions <= 1.4.1. Solution: Update the WordPress Podcast Subscribe Buttons plugin to the latest available version (at least 1.4.2)...
Podcast Subscribe Buttons < 1.4.2 - Contributor+ Stored XSS
The plugin allows users with any role capable of editing or adding posts to perform stored XSS. PoC: Add the below payload as a shortcode block: podcastsubscribe alignment='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alertorigin//'...