VYPR

Podcast Importer SecondLine

by WordPress

CVEs (2)

  • CVE-2020-24149HigJul 7, 2021
    risk 0.49cvss 7.5epss 0.02

    Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) plugin 1.1.4 for WordPress via the podcast_feed parameter in a secondline_import_initialize action to the secondlinepodcastimport page.

  • CVE-2022-1023HigApr 11, 2022
    risk 0.47cvss 7.2epss 0.01

    The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file