Podlove Podcast Publisher
by Podlove
CVEs (8)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-52393 | Critical | 0.59 | 9.1 | 0.01 | | Nov 14, 2024 | Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress. This issue affects Podlove Podcast Publisher: from n/a through <= 4.1.15. |
| CVE-2017-12949 | High | 0.57 | 8.8 | 0.01 | | Aug 18, 2017 | lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. |
| CVE-2024-32139 | High | 0.56 | 8.5 | 0.07 | | Apr 15, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.0.12. |
| CVE-2024-32712 | High | 0.42 | 7.5 | 0.00 | | May 14, 2024 | Missing Authorization vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.0.14. |
| CVE-2024-29915 | High | 0.39 | 7.1 | 0.00 | | Mar 27, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS. This issue affects Podlove Podcast Publisher: from n/a through 4.0.9. |
| CVE-2024-32812 | Medium | 0.28 | 5.4 | 0.00 | | Apr 24, 2024 | Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher. This issue affects Podlove Podcast Publisher: from n/a through 4.0.11. |
| CVE-2024-1110 | Medium | 0.27 | 5.3 | 0.00 | | Feb 7, 2024 | The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings. |
| CVE-2024-1109 | Medium | 0.27 | 5.3 | 0.00 | | Feb 7, 2024 | The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information. |