CVE-2023-4820

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 70.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Powerpress Podcasting Plugin BY Blubrry Blubrry Powerpress

Timeline

PublishedOct 16

Description

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5unknown/powerpress_podcasting_plugin_by_blubrry< 11.0.12

▶NVDblubrry/powerpress< 11.0.12

🔴Vulnerability Details

GHSA

GHSA-hfr4-7364-jv2q: The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11↗2023-10-16

▶

CVEList

PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS↗2023-10-16

▶