CVE-2025-13536
- EPSS 0.33%
- Published 27.11.2025 08:27:05
- Last modified 01.12.2025 15:39:33
The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 11.15.2. This is due to the plugin validating file extensions but not halting execution...
CVE-2024-9227
- EPSS 0.06%
- Published 15.05.2025 20:16:00
- Last modified 05.06.2025 14:21:12
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered...
CVE-2024-9230
- EPSS 0.18%
- Published 14.04.2025 06:00:04
- Last modified 29.04.2025 20:33:55
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks
CVE-2024-9543
- EPSS 0.23%
- Published 11.10.2024 13:15:19
- Last modified 15.10.2024 12:58:51
The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping...
CVE-2024-6588
- EPSS 0.58%
- Published 12.07.2024 07:15:02
- Last modified 21.11.2024 09:49:56
The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘media_url’ parameter in all versions up to, and including, 11.9.10 due to insufficient input sanitization and output escaping. T...
CVE-2023-41239
- EPSS 0.17%
- Published 13.11.2023 03:15:09
- Last modified 21.11.2024 08:20:53
Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry. This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.
CVE-2023-4820
- EPSS 0.11%
- Published 16.10.2023 20:15:16
- Last modified 05.03.2025 17:15:12
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a s...
CVE-2023-30778
- EPSS 0.08%
- Published 15.08.2023 13:15:09
- Last modified 21.11.2024 08:00:53
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin <= 10.0.1 versions.
CVE-2023-1917
- EPSS 0.09%
- Published 09.06.2023 06:15:59
- Last modified 21.11.2024 07:40:08
The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
CVE-2021-24123
- EPSS 0.88%
- Published 18.03.2021 15:15:13
- Last modified 21.11.2024 05:52:24
Arbitrary file upload in the PowerPress WordPress plugin: versions before 8.3.8 did not verify some of the uploaded feed images (such as the ones from the Podcast Artwork section), allowing high privilege accounts (admin+) to upload arbitrary...