cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2025-0554,https://securityvulnerability.io/vulnerability/CVE-2025-0554,Stored Cross-Site Scripting Vulnerability in Podlove Podcast Publisher for WordPress,"The Podlove Podcast Publisher plugin for WordPress exhibits a vulnerability that allows authenticated attackers with administrator privileges to perform Stored Cross-Site Scripting (XSS). This occurs via the Feed Name input, which lacks proper input sanitization and output escaping. As a result, malicious scripts can be injected into web pages, leading to potential exploitation whenever users access affected pages. This vulnerability is particularly concerning for multi-site installations and those with the unfiltered_html option disabled, enhancing the risk of unauthorized script execution.",Wordpress,Podlove Podcast Publisher,4.4,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-18T05:33:48.811Z,0
CVE-2024-1109,https://securityvulnerability.io/vulnerability/CVE-2024-1109,Unauthorized Access to Data in Podlove Podcast Publisher Plugin,"The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.",Wordpress,Podlove Podcast Publisher,5.3,MEDIUM,0.000699999975040555,false,,false,false,false,,false,false,2024-02-07T11:02:39.482Z,0
CVE-2024-1110,https://securityvulnerability.io/vulnerability/CVE-2024-1110,Unauthorized Data Modification Vulnerability in Podlove Podcast Publisher Plugin,"The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.",Wordpress,Podlove Podcast Publisher,5.3,MEDIUM,0.000699999975040555,false,,false,false,false,,false,false,2024-02-07T11:02:38.853Z,0
CVE-2021-24666,https://securityvulnerability.io/vulnerability/CVE-2021-24666,Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection,"The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P[\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi.",Wordpress,Podlove Podcast Publisher,9.8,CRITICAL,0.6174100041389465,false,,false,false,false,,false,false,2021-09-27T15:25:36.000Z,0
CVE-2016-10942,https://securityvulnerability.io/vulnerability/CVE-2016-10942,,The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.,Wordpress,Podlove Podcast Publisher,9.8,CRITICAL,0.0015399999683722854,false,,false,false,false,,false,false,2019-09-13T11:53:42.000Z,0
CVE-2016-10941,https://securityvulnerability.io/vulnerability/CVE-2016-10941,,The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.,Wordpress,Podlove Podcast Publisher,6.1,MEDIUM,0.0008800000068731606,false,,false,false,false,,false,false,2019-09-13T11:52:23.000Z,0
CVE-2017-12949,https://securityvulnerability.io/vulnerability/CVE-2017-12949,,"lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF.",Wordpress,Podlove Podcast Publisher,8.8,HIGH,0.00107999995816499,false,,false,false,false,,false,false,2017-08-18T18:29:00.000Z,0