Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Podlove_podcast_publisher
(Podlove)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 8 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-07 | CVE-2024-1109 | The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information. | Podlove_podcast_publisher | 5.3 | ||
| 2024-02-07 | CVE-2024-1110 | The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings. | Podlove_podcast_publisher | 5.3 | ||
| 2023-04-07 | CVE-2023-25046 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions. | Podlove_podcast_publisher | 4.8 | ||
| 2023-05-23 | CVE-2023-25472 | Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions. | Podlove_podcast_publisher | 8.8 | ||
| 2021-09-27 | CVE-2021-24666 | The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi. | Podlove_podcast_publisher | 9.8 | ||
| 2019-09-13 | CVE-2016-10942 | The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. | Podlove_podcast_publisher | N/A | ||
| 2019-09-13 | CVE-2016-10941 | The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. | Podlove_podcast_publisher | N/A | ||
| 2017-08-18 | CVE-2017-12949 | lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. | Podlove_podcast_publisher | 8.8 |