← Back

Podcast Subscribe Buttons

podcast_subscribe_buttons

Vendor: Secondlinethemes • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Secondlinethemes
1Podcast Subscribe Buttons
Jun 17, 2026
Oct 20, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output...Show more
The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
1Secondlinethemes
1Podcast Subscribe Buttons
Jun 17, 2026
Oct 18, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS.