Podlove Podlove_podcast_publisher

20 CVEs affecting Podlove Podlove_podcast_publisher. Latest disclosed: 2025-05-15. Critical: 4, High: 4.

Top CVEs affecting Podlove Podlove_podcast_publisher
CVESeverityScorePublishedSummary
CVE-2021-24666Critical9.82021-09-27The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/serv…
CVE-2016-10942Critical9.82019-09-13The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.
CVE-2024-43984Critical9.62024-10-31Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n…
CVE-2024-52393Critical9.12024-11-14Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.This issue affects Podlove Po…
CVE-2017-12949High8.82017-08-18lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby pa…
CVE-2024-32139High8.52024-04-15Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podl…
CVE-2024-32712High7.52024-05-14Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14.
CVE-2024-29915High7.12024-03-27Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Reflected XSS.Th…
CVE-2024-43983Medium6.52024-09-18Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XS…
CVE-2016-10941Medium6.12019-09-13The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.
CVE-2023-25046Medium5.92023-04-07Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions.
CVE-2024-32812Medium5.42024-04-24Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11.
CVE-2024-1110Medium5.32024-02-07The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function…
CVE-2024-1109Medium5.32024-02-07The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and in…
CVE-2024-13730Medium4.82025-05-15The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as a…
CVE-2024-13729Medium4.82025-05-15The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as…
CVE-2025-0554Medium4.42025-01-18The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficien…
CVE-2025-1383Medium4.32025-03-06The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to miss…
CVE-2024-32143Medium4.32024-06-11Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0.
CVE-2023-25472Medium4.32023-05-23Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions.