cleantalk
Vulnerabilities and Security Researches

Podlove Podcast Publisher, CVE-2017-12949

CVE, Research URL

CVE-2017-12949

Home page URL

Security reports for Podlove Podcast Publisher

Application

Podlove Podcast Publisher

Published on
Aug 18, 2017
Research Description
lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.
Affected versions
Min -, max 2.6.0.
Status
vulnerable
Previous vulnerability researches
Podlove Podcast Publisher (CVE-2024-52393) , Nov 14, 2024
Podlove Podcast Publisher (CVE-2021-24666) , Jun 07, 2024
Podlove Podcast Publisher (CVE-2016-10941) , Jun 07, 2024
Podlove Podcast Publisher (CVE-2016-10942) , Jun 07, 2024
Podlove Podcast Publisher (CVE-2023-25472) , Jun 07, 2024
New vulnerability
Audio Comments Plugin (CVE-2025-4189) , May 18, 2025
WP Notes Widget (CVE-2025-48121) , May 18, 2025
Eventer (CVE-2025-39482) , May 18, 2025
Eventer (CVE-2025-39481) , May 18, 2025
Push notification for Mobile and Web app (CVE-2025-48127) , May 18, 2025