Podlove Podcast Publisher Security Vulnerabilities and Issues — Podlove Podcast Publisher CVE List

Lucene search

PodlovePodlove Podcast Publisher

20 matches found

CVE•added 2024/02/07 11:15 a.m.•179 views

CVE-2024-1110

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.

5.3CVSS5.4AI score0.0015EPSS

CVE•added 2024/06/11 5:16 p.m.•61 views

CVE-2024-32143

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0.

8.8CVSS4.6AI score0.00546EPSS

CVE•added 2021/09/27 4:15 p.m.•60 views

CVE-2021-24666

The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P[\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi.

9.8CVSS9.5AI score0.7791EPSS

CVE•added 2024/03/27 7:15 a.m.•59 views

CVE-2024-29915

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.0.9.

7.1CVSS7.1AI score0.00256EPSS

CVE•added 2024/04/24 8:15 a.m.•58 views

CVE-2024-32812

Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11.

5.4CVSS6.8AI score0.00073EPSS

CVE•added 2024/05/14 3:36 p.m.•55 views

CVE-2024-32712

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14.

7.5CVSS6.8AI score0.00275EPSS

CVE•added 2025/03/06 12:15 p.m.•53 views

CVE-2025-1383

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_delete() function. This makes it possible for unauthenticated attackers to delete a...

4.3CVSS6.8AI score0.00022EPSS

CVE•added 2024/04/15 8:15 a.m.•52 views

CVE-2024-32139

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.12.

8.8CVSS7.5AI score0.05513EPSS

CVE•added 2024/10/31 10:15 a.m.•47 views

CVE-2024-43984

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.

9.6CVSS9.4AI score0.0006EPSS

CVE•added 2025/01/18 6:15 a.m.•46 views

CVE-2025-0554

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version

4.4CVSS5.8AI score0.00043EPSS

CVE•added 2024/11/14 6:15 p.m.•43 views

CVE-2024-52393

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.15.

9.1CVSS9.3AI score0.00276EPSS

CVE•added 2017/08/18 6:29 p.m.•37 views

CVE-2017-12949

lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.

8.8CVSS9.1AI score0.00719EPSS

CVE•added 2023/04/07 10:15 a.m.•36 views

CVE-2023-25046

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin

5.9CVSS5AI score0.00063EPSS

CVE•added 2024/09/18 12:15 a.m.•36 views

CVE-2024-43983

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.

6.5CVSS6.2AI score0.00089EPSS

CVE•added 2023/05/23 1:15 p.m.•34 views

CVE-2023-25472

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin

8.8CVSS6.5AI score0.0007EPSS

CVE•added 2019/09/13 12:15 p.m.•29 views

CVE-2016-10941

The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.

6.1CVSS6AI score0.0026EPSS

CVE•added 2024/02/07 11:15 a.m.•29 views

CVE-2024-1109

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tra...

5.3CVSS5.4AI score0.0024EPSS

CVE•added 2019/09/13 12:15 p.m.•28 views

CVE-2016-10942

The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.

9.8CVSS9.9AI score0.00977EPSS

CVE•added 2025/05/15 8:15 p.m.•20 views

CVE-2024-13729

The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

4.8CVSS5.4AI score0.00046EPSS

CVE•added 2025/05/15 8:15 p.m.•18 views

CVE-2024-13730

The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS5.7AI score0.00046EPSS