Podlove Podlove_podcast_publisher
20 CVEs affecting Podlove Podlove_podcast_publisher. Latest disclosed: 2025-05-15. Critical: 4, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-24666 | Critical | 9.8 | 2021-09-27 | The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/serv… |
CVE-2016-10942 | Critical | 9.8 | 2019-09-13 | The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. |
CVE-2024-43984 | Critical | 9.6 | 2024-10-31 | Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n… |
CVE-2024-52393 | Critical | 9.1 | 2024-11-14 | Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.This issue affects Podlove Po… |
CVE-2017-12949 | High | 8.8 | 2017-08-18 | lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby pa… |
CVE-2024-32139 | High | 8.5 | 2024-04-15 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podl… |
CVE-2024-32712 | High | 7.5 | 2024-05-14 | Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14. |
CVE-2024-29915 | High | 7.1 | 2024-03-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS.Th… |
CVE-2024-43983 | Medium | 6.5 | 2024-09-18 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XS… |
CVE-2016-10941 | Medium | 6.1 | 2019-09-13 | The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. |
CVE-2023-25046 | Medium | 5.9 | 2023-04-07 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions. |
CVE-2024-32812 | Medium | 5.4 | 2024-04-24 | Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11. |
CVE-2024-1110 | Medium | 5.3 | 2024-02-07 | The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function… |
CVE-2024-1109 | Medium | 5.3 | 2024-02-07 | The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and in… |
CVE-2024-13730 | Medium | 4.8 | 2025-05-15 | The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as a… |
CVE-2024-13729 | Medium | 4.8 | 2025-05-15 | The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as… |
CVE-2025-0554 | Medium | 4.4 | 2025-01-18 | The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficien… |
CVE-2025-1383 | Medium | 4.3 | 2025-03-06 | The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to miss… |
CVE-2024-32143 | Medium | 4.3 | 2024-06-11 | Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0. |
CVE-2023-25472 | Medium | 4.3 | 2023-05-23 | Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions. |