CVE-2024-52393

CWE-82 CWE-94 — Code Injection CWE-13363 documents3 sources

Severity

7.2HIGH

EPSS

0.6%

top 29.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eric Teubert Podlove Podcast Publisher Podlove Podlove Podcast Publisher

Timeline

PublishedNov 14

Description

Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.This issue affects Podlove Podcast Publisher: from n/a through <= 4.1.15.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5eric_teubert/podlove_podcast_publisher4.1.15

▶NVDpodlove/podlove_podcast_publisher4.1.15

🔴Vulnerability Details

GHSA

GHSA-x7gr-mmjj-hx3h: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Podlove Podlove Podcast Publisher↗2024-11-14

▶

CVEList

WordPress Podlove Podcast Publisher plugin <= 4.1.15 - Admin+ Remote Code Execution (RCE) vulnerability↗2024-11-14

▶