Podlove

podlove

23 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Podlove Podcast Publisher

podlove_podcast_publisher

20 CVEs

Podlove Subscribe Button

podlove_subscribe_button

3 CVEs

CVEs (23)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-13730 1Podlove 1Podlove Podcast Publisher May 23, 2025 May 15, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...Show more The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-13729 1Podlove 1Podlove Podcast Publisher May 23, 2025 May 15, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even whe...Show more The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2025-1383 1Podlove 1Podlove Podcast Publisher Mar 19, 2025 Mar 6, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_dele...Show more The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_delete() function. This makes it possible for unauthenticated attackers to delete arbitrary episode transcripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-0554 1Podlove 1Podlove Podcast Publisher Mar 19, 2025 Jan 18, 2025 N/A· v4 4.0 MEDIUM· v3 N/A· v2 The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possi...Show more The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.Show less
CVE-2024-52393 1Podlove 1Podlove Podcast Publisher Apr 23, 2026 Nov 14, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.This issue affects Podlove Podcast Publisher: from n/a through <= 4.1.15.
CVE-2024-43984 1Podlove 1Podlove Podcast Publisher Mar 19, 2025 Oct 31, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.
CVE-2024-43983 1Podlove 1Podlove Podcast Publisher Sep 25, 2024 Sep 18, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a thro...Show more Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.Show less
CVE-2024-32143 1Podlove 1Podlove Podcast Publisher Mar 19, 2025 Jun 11, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0.
CVE-2024-32712 1Podlove 1Podlove Podcast Publisher Apr 28, 2026 May 14, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14.
CVE-2024-32812 1Podlove 1Podlove Podcast Publisher Apr 28, 2026 Apr 24, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11.
CVE-2024-32139 1Podlove 1Podlove Podcast Publisher Apr 28, 2026 Apr 15, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.12.
CVE-2024-29915 1Podlove 1Podlove Podcast Publisher Apr 28, 2026 Mar 27, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS.This issue affects Podlove Podcast Publisher: from n/a through...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.0.9.Show less
CVE-2024-1118 1Podlove 1Podlove Subscribe Button Apr 8, 2026 Feb 7, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insuff...Show more The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.Show less
CVE-2024-1110 1Podlove 1Podlove Podcast Publisher Apr 8, 2026 Feb 7, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it p...Show more The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.Show less
CVE-2024-1109 1Podlove 1Podlove Podcast Publisher Apr 8, 2026 Feb 7, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11....Show more The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.Show less
CVE-2023-25481 1Podlove 1Podlove Subscribe Button Nov 21, 2024 May 23, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.
CVE-2023-25472 1Podlove 1Podlove Podcast Publisher Nov 21, 2024 May 23, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions.
CVE-2023-25479 1Podlove 1Podlove Subscribe Button Nov 21, 2024 Apr 25, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.
CVE-2023-25046 1Podlove 1Podlove Podcast Publisher Nov 21, 2024 Apr 7, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions.
CVE-2021-24666 1Podlove 1Podlove Podcast Publisher Nov 21, 2024 Sep 27, 2021 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an 'id' and 'category'...Show more The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi.Show less

12 Next