Podlove Subscribe Button Security Vulnerabilities


CVE-2023-25479

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.

CVSS: 5.9

AI Score: 4.8

EPSS: 0.0005

2023-04-25 12:15 PM

CVE-2023-25481

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.

CVSS: 8.8

AI Score: 8.8

EPSS: 0.001

2023-05-23 01:15 PM

CVE-2024-1118

The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

CVSS: 8.8

AI Score: 8.9

EPSS: 0.001

2024-02-07 11:15 AM