Podlove Podcast Publisher Security Vulnerabilities and Issues — Podlove Podcast Publisher CVE List

Lucene search

PodlovePodlove Podcast Publisher

10 matches found

CVE•added 2024/02/07 11:15 a.m.•179 views

CVE-2024-1110

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.

5.3CVSS5.4AI score0.0015EPSS

CVE•added 2024/06/11 5:16 p.m.•61 views

CVE-2024-32143

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0.

8.8CVSS4.6AI score0.00546EPSS

CVE•added 2024/03/27 7:15 a.m.•59 views

CVE-2024-29915

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.0.9.

7.1CVSS7.1AI score0.00256EPSS

CVE•added 2024/04/24 8:15 a.m.•58 views

CVE-2024-32812

Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11.

5.4CVSS6.8AI score0.00073EPSS

CVE•added 2024/05/14 3:36 p.m.•55 views

CVE-2024-32712

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14.

7.5CVSS6.8AI score0.0028EPSS

CVE•added 2024/04/15 8:15 a.m.•52 views

CVE-2024-32139

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.12.

8.8CVSS7.5AI score0.05513EPSS

CVE•added 2024/10/31 10:15 a.m.•47 views

CVE-2024-43984

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.

9.6CVSS9.4AI score0.00067EPSS

CVE•added 2024/11/14 6:15 p.m.•43 views

CVE-2024-52393

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.15.

9.1CVSS9.3AI score0.00311EPSS

CVE•added 2024/09/18 12:15 a.m.•36 views

CVE-2024-43983

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.

6.5CVSS6.2AI score0.00089EPSS

CVE•added 2024/02/07 11:15 a.m.•29 views

CVE-2024-1109

The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tra...

5.3CVSS5.4AI score0.0024EPSS