Vulnerabilities and security researches forpodlove-podcasting-plugin-for-wordpress podlove-podcasting-plugin-for-wordpress

Direction: ascending

Jun 07, 2024

Podlove Podcast Publisher # CVE-2021-24666

CVE, Research URL: CVE-2021-24666
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Sep 27, 2021
Research Description: The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi.
Affected versions: Min -, max -.
Status: vulnerable

Podlove Podcast Publisher # CVE-2016-10941

CVE, Research URL: CVE-2016-10941
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Sep 13, 2019
Research Description: The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.
Affected versions: Min -, max -.
Status: vulnerable

Podlove Podcast Publisher # CVE-2016-10942

CVE, Research URL: CVE-2016-10942
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Sep 13, 2019
Research Description: The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.
Affected versions: Min -, max -.
Status: vulnerable

Podlove Podcast Publisher # CVE-2023-25472

CVE, Research URL: CVE-2023-25472
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: May 23, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions.
Affected versions: Min -, max -.
Status: vulnerable

Podlove Podcast Publisher # CVE-2024-1109

CVE, Research URL: CVE-2024-1109
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Feb 07, 2024
Research Description: The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.
Affected versions: Min -, max -.
Status: vulnerable

Podlove Podcast Publisher # CVE-2024-32812

CVE, Research URL: CVE-2024-32812
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Apr 24, 2024
Research Description: Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11.
Affected versions: Min -, max -.
Status: vulnerable

Podlove Podcast Publisher # CVE-2017-12949

CVE, Research URL: CVE-2017-12949
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Aug 18, 2017
Research Description: lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.
Affected versions: Min -, max -.
Status: vulnerable

Podlove Podcast Publisher # CVE-2023-25046

CVE, Research URL: CVE-2023-25046
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Apr 07, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions.
Affected versions: Min -, max -.
Status: vulnerable

Podlove Podcast Publisher # CVE-2024-1110

CVE, Research URL: CVE-2024-1110
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Feb 07, 2024
Research Description: The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.
Affected versions: Min -, max -.
Status: vulnerable

Podlove Podcast Publisher # CVE-2024-29915

CVE, Research URL: CVE-2024-29915
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Mar 27, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.0.9.
Affected versions: Min -, max -.
Status: vulnerable

Podlove Podcast Publisher # CVE-2024-32139

CVE, Research URL: CVE-2024-32139
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Apr 15, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.12.
Affected versions: Min -, max -.
Status: vulnerable

Podlove Podcast Publisher # CVE-2024-32143

CVE, Research URL: CVE-2024-32143
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Jun 11, 2024
Research Description: Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0.
Affected versions: Min -, max -.
Status: vulnerable

Podlove Podcast Publisher # CVE-2024-32712

CVE, Research URL: CVE-2024-32712
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: May 14, 2024
Research Description: Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14.
Affected versions: Min -, max -.
Status: vulnerable

Sep 01, 2024

Podlove Podcast Publisher # CVE-2024-43984

CVE, Research URL: CVE-2024-43984
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Oct 31, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.
Affected versions: Min -, max -.
Status: vulnerable

Podlove Podcast Publisher # CVE-2024-43983

CVE, Research URL: CVE-2024-43983
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Sep 18, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.
Affected versions: Min -, max -.
Status: vulnerable

Nov 14, 2024

Podlove Podcast Publisher # CVE-2024-52393

CVE, Research URL: CVE-2024-52393
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Nov 14, 2024
Research Description: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.15.
Affected versions: Min -, max -.
Status: vulnerable

Jan 19, 2025

Podlove Podcast Publisher # CVE-2025-0554

CVE, Research URL: CVE-2025-0554
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Jan 18, 2025
Research Description: The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: Min -, max -.
Status: vulnerable

Mar 07, 2025

Podlove Podcast Publisher # CVE-2025-1383

CVE, Research URL: CVE-2025-1383
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: Mar 06, 2025
Research Description: The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_delete() function. This makes it possible for unauthenticated attackers to delete arbitrary episode transcripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

May 17, 2025

Podlove Podcast Publisher # CVE-2024-13729

CVE, Research URL: CVE-2024-13729
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: May 16, 2025
Research Description: The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max -.
Status: vulnerable

Podlove Podcast Publisher # CVE-2024-13730

CVE, Research URL: CVE-2024-13730
Home page URL: Security reports for Podlove Podcast Publisher
Application: Podlove Podcast Publisher
Date: May 16, 2025
Research Description: The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: Min -, max -.
Status: vulnerable