Unrated severity · NVD Advisory · Published Oct 16, 2023 · Updated Mar 5, 2025
PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS
CVE-2023-4820
Description
The PowerPress Podcasting plugin by Blubrry for WordPress, in versions before 11.0.12, does not sanitize and escape the media URL field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin.
Affected products (2)
Patches
Vulnerability mechanics
References (1)
- wpscan.com/vulnerability/e866a214-a142-43c7-b93d-ff2301a3e432 (mitre, exploit, vdb-entry, technical-description)