Podlove Podcast Publisher Security Vulnerabilities and Issues — Podlove Podcast Publisher CVE List

Lucene search

PodlovePodlove Podcast Publisher

4 matches found

CVE•added 2021/09/27 4:15 p.m.•60 views

CVE-2021-24666

The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P[\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi.

9.8CVSS9.5AI score0.7791EPSS

CVE•added 2024/10/31 10:15 a.m.•47 views

CVE-2024-43984

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.

9.6CVSS9.4AI score0.0006EPSS

CVE•added 2024/11/14 6:15 p.m.•43 views

CVE-2024-52393

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.15.

9.1CVSS9.3AI score0.00276EPSS

CVE•added 2019/09/13 12:15 p.m.•28 views

CVE-2016-10942

The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.

9.8CVSS9.9AI score0.00977EPSS