Eteubert Podlove Podcast Publisher vulnerabilities
5 known vulnerabilities affecting eteubert/podlove_podcast_publisher.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 4
Vulnerabilities
CVE-2025-10147 | CRITICAL | CVSS 9.8 | CWE-434 | ≤ 4.2.6 | 2025-09-23
The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_as_original_file' function in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code e
cvelistv5, nvd
CVE-2025-1383 | MEDIUM | CVSS 4.3 | CWE-352 | ≤ 4.2.2 | 2025-03-06
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_delete() function. This makes it possible for unauthenticated attackers to delete arbitrary episode transcripts via a forged request gran
cvelistv5, nvd
CVE-2025-0554 | MEDIUM | CVSS 4.0 | CWE-79 | ≤ 4.1.25 | 2025-01-18
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a
cvelistv5, nvd
CVE-2024-1110 | MEDIUM | CVSS 5.3 | CWE-862 | ≤ 4.0.11 | 2024-02-07
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.
cvelistv5, nvd
CVE-2024-1109 | MEDIUM | CVSS 5.3 | CWE-862 | ≤ 4.0.11 | 2024-02-07
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.
cvelistv5, nvd