Blubrry Powerpress Podcasting Plugin By Blubrry vulnerabilities
7 known vulnerabilities affecting blubrry/powerpress_podcasting_plugin_by_blubrry.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 6
Vulnerabilities
CVE-2026-2988 | MEDIUM | CVSS 6.4 | CWE-79 | Affected: ≤ 11.15.15 | Published: 2026-04-08
The Blubrry PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'powerpress' and 'podcast' shortcodes in versions up to, and including, 11.15.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web
Sources: cvelistv5, nvd
CVE-2025-13536 | HIGH | CVSS 8.8 | CWE-434 | Affected: ≤ 11.15.2 | Published: 2025-11-27
The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 11.15.2. This is due to the plugin validating file extensions but not halting execution when validation fails in the 'powerpress_edit_post' function. This makes it possible for authenticated
Sources: cvelistv5, nvd
CVE-2024-9543 | MEDIUM | CVSS 6.4 | CWE-79 | Affected: ≤ 11.9.18 | Published: 2024-10-11
The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level
Sources: cvelistv5, nvd
CVE-2024-6588 | MEDIUM | CVSS 6.4 | CWE-79 | Affected: ≤ 11.9.10 | Published: 2024-07-12
The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘media_url’ parameter in all versions up to, and including, 11.9.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execut
Sources: cvelistv5, nvd
CVE-2023-41239 | MEDIUM | CVSS 6.5 | CWE-918 | Affected: ≥ n/a, ≤ 11.0.6 | Published: 2023-11-13
Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry. This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.
Sources: cvelistv5, nvd
CVE-2023-30778 | MEDIUM | CVSS 5.4 | CWE-79 | Affected: ≥ n/a, ≤ 10.0.1 | Published: 2023-08-15
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin <= 10.0.1 versions.
Sources: cvelistv5, nvd
CVE-2023-1917 | MEDIUM | CVSS 5.4 | CWE-79 | Affected: ≤ 10.0 | Published: 2023-06-09
The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary
Sources: cvelistv5, nvd