Podlove

Podlove Podcast Publisher

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2024-13730

Exploit
  • EPSS 0.06%
  • Veröffentlicht 15.05.2025 20:15:40
  • Zuletzt bearbeitet 23.05.2025 18:39:55

The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabilit...

4.8

CVE-2024-13729

Exploit
  • EPSS 0.06%
  • Veröffentlicht 15.05.2025 20:15:39
  • Zuletzt bearbeitet 23.05.2025 18:46:33

The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili...

4.3

CVE-2025-1383

  • EPSS 0.05%
  • Veröffentlicht 06.03.2025 12:15:35
  • Zuletzt bearbeitet 19.03.2025 20:47:28

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_delete() function. This makes it p...

4

CVE-2025-0554

  • EPSS 0.07%
  • Veröffentlicht 18.01.2025 06:15:28
  • Zuletzt bearbeitet 19.03.2025 19:53:31

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

7.2

CVE-2024-52393

  • EPSS 0.48%
  • Veröffentlicht 14.11.2024 18:15:26
  • Zuletzt bearbeitet 21.03.2025 18:44:46

Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.15.

8.8

CVE-2024-43984

  • EPSS 0.36%
  • Veröffentlicht 31.10.2024 10:15:05
  • Zuletzt bearbeitet 19.03.2025 17:13:49

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.

5.4

CVE-2024-43983

  • EPSS 0.29%
  • Veröffentlicht 18.09.2024 00:15:07
  • Zuletzt bearbeitet 25.09.2024 14:11:22

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.

8.8

CVE-2024-32143

  • EPSS 0.55%
  • Veröffentlicht 11.06.2024 17:16:00
  • Zuletzt bearbeitet 19.03.2025 18:52:15

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.1.0.

4.3

CVE-2024-32712

  • EPSS 0.28%
  • Veröffentlicht 14.05.2024 15:36:59
  • Zuletzt bearbeitet 19.03.2025 18:51:57

Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.14.

5.4

CVE-2024-32812

  • EPSS 0.13%
  • Veröffentlicht 24.04.2024 08:15:40
  • Zuletzt bearbeitet 19.03.2025 18:08:22

Server-Side Request Forgery (SSRF) vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.11.