VYPR

Podlove Podcasting Plugin For Wordpress

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-10147CriSep 23, 2025
    risk 0.57cvss 9.8epss 0.01

    The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_as_original_file' function in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to upload…

  • CVE-2025-58204MedAug 27, 2025
    risk 0.24cvss 4.7epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Phishing.This issue affects Podlove Podcast Publisher: from n/a through <= 4.2.5.

  • CVE-2016-10942Sep 13, 2019
    risk 0.00cvss epss 0.02

    The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.

  • CVE-2016-10941Sep 13, 2019
    risk 0.00cvss epss 0.01

    The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.

VYPR — Vulnerability Intelligence