VYPR

Podcast Subscribe Buttons

by WordPress

CVEs (2)

  • CVE-2023-5308MedOct 20, 2023
    risk 0.35cvss 6.4epss 0.00

    The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2021-24743MedOct 18, 2021
    risk 0.35cvss 5.4epss 0.01

    The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS.