cleantalk
Vulnerabilities and Security Researches

PowerPress Podcasting plugin by Blubrry, CVE-2021-24123

CVE, Research URL

CVE-2021-24123

Home page URL

Security reports for PowerPress Podcasting plugin by Blubrry

Application

PowerPress Podcasting plugin by Blubrry

Published on
Mar 18, 2021
Research Description
Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE.
Affected versions
Min -, max 8.3.8.
Status
vulnerable
Previous vulnerability researches
Blubrry PowerPress Podcasting plugin MultiSite add-on (CVE-2025-31436) , Apr 05, 2025
PowerPress Podcasting plugin by Blubrry (CVE-2024-6588) , Jul 13, 2024
PowerPress Podcasting plugin by Blubrry (CVE-2025-32690) , Apr 10, 2025
PowerPress Podcasting plugin by Blubrry (CVE-2025-32691) , Apr 10, 2025
PowerPress Podcasting plugin by Blubrry (CVE-2024-6297) , Jun 30, 2024
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025