Show filters
17 Total Results
Displaying 1-10 of 17
Sort by:
Attacker Value
Unknown

CVE-2025-0554

Disclosure Date: January 18, 2025 (last updated January 18, 2025)
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-52393

Disclosure Date: November 14, 2024 (last updated November 15, 2024)
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.15.
0
0
Attacker Value
Unknown

CVE-2024-43984

Disclosure Date: October 31, 2024 (last updated October 31, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.
0
0
Attacker Value
Unknown

CVE-2024-43983

Disclosure Date: September 18, 2024 (last updated September 26, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-32143

Disclosure Date: June 11, 2024 (last updated June 12, 2024)
Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0.
0
0
Attacker Value
Unknown

CVE-2024-32712

Disclosure Date: May 14, 2024 (last updated May 15, 2024)
Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14.
0
0
Attacker Value
Unknown

CVE-2024-32812

Disclosure Date: April 24, 2024 (last updated April 24, 2024)
Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11.
0
0
Attacker Value
Unknown

CVE-2024-32139

Disclosure Date: April 15, 2024 (last updated April 15, 2024)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.12.
0
0
Attacker Value
Unknown

CVE-2024-29915

Disclosure Date: March 27, 2024 (last updated January 05, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.0.9.
0
0
Attacker Value
Unknown

CVE-2024-1110

Disclosure Date: February 07, 2024 (last updated February 10, 2024)
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  Next >