Podlove Podcasting Plugin For Wordpress
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-10147 | Cri | 0.57 | 9.8 | 0.01 | Sep 23, 2025 | The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_as_original_file' function in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to upload… | ||
| CVE-2025-58204 | Med | 0.24 | 4.7 | 0.00 | Aug 27, 2025 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Phishing.This issue affects Podlove Podcast Publisher: from n/a through <= 4.2.5. | ||
| CVE-2016-10942 | 0.00 | — | 0.02 | Sep 13, 2019 | The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. | |||
| CVE-2016-10941 | 0.00 | — | 0.01 | Sep 13, 2019 | The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. |
- risk 0.57cvss 9.8epss 0.01
The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_as_original_file' function in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to upload…
- risk 0.24cvss 4.7epss 0.00
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Phishing.This issue affects Podlove Podcast Publisher: from n/a through <= 4.2.5.
- CVE-2016-10942Sep 13, 2019risk 0.00cvss —epss 0.02
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.
- CVE-2016-10941Sep 13, 2019risk 0.00cvss —epss 0.01
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.