cleantalk
Vulnerabilities and Security Researches

PowerPress Podcasting plugin by Blubrry, CVE-2024-9227

CVE, Research URL

CVE-2024-9227

Home page URL

Security reports for PowerPress Podcasting plugin by Blubrry

Application

PowerPress Podcasting plugin by Blubrry

Published on
May 16, 2025
Research Description
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected versions
Min -, max 11.9.18.
Status
vulnerable
Previous vulnerability researches
Responsive Lightbox2 (CVE-2022-3987) , Jun 07, 2024
Responsive Lightbox2 (3a708e667647cfc7347348989e4ffa77f2b38c04) , Jun 07, 2024
New vulnerability
AWcode Toolkit (CVE-2025-48238) , May 21, 2025
Product Notes for WooCommerce (CVE-2025-48239) , May 21, 2025
TI WooCommerce Wishlist (CVE-2025-47577) , May 20, 2025
TI WooCommerce Wishlist (CVE-2025-32920) , May 20, 2025
Header Footer Code Manager , May 20, 2025