cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9543,https://securityvulnerability.io/vulnerability/CVE-2024-9543,Stored Cross-Site Scripting Vulnerability in PowerPress Podcasting Plugin,"The Blubrry PowerPress Podcasting plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability through its 'skipto' shortcode. This vulnerability arises from inadequate input sanitization and output escaping of user-supplied attributes, allowing authenticated users with contributor-level access or higher to inject arbitrary web scripts. The malicious scripts can be executed when users access the compromised pages, posing significant risks to website security.",Wordpress,Powerpress Podcasting Plugin By Blubrry,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,2024-10-11T05:33:11.465Z,0
CVE-2023-4820,https://securityvulnerability.io/vulnerability/CVE-2023-4820,PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS,"The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin.",Wordpress,PowerPress Podcasting plugin by Blubrry,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2023-10-16T20:15:00.000Z,0
CVE-2023-1917,https://securityvulnerability.io/vulnerability/CVE-2023-1917,Stored Cross-Site Scripting Vulnerability in PowerPress Plugin for WordPress,"The PowerPress plugin for WordPress is exposed to a serious Stored Cross-Site Scripting flaw due to inadequate input sanitization and output escaping for user-supplied attributes within its shortcodes. This vulnerability allows authenticated users with contributor-level permissions or higher to insert arbitrary web scripts into WordPress pages, which are executed when any user accesses these compromised pages. A partial fix was implemented in version 10.0.1, followed by a more comprehensive patch in version 10.0.2 to prevent further exploits.",Wordpress,PowerPress Podcasting plugin by Blubrry,5.4,MEDIUM,0.0008099999977275729,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2021-24123,https://securityvulnerability.io/vulnerability/CVE-2021-24123,PowerPress < 8.3.8 - Authenticated Arbitrary File Upload leading to RCE,"Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE.",Wordpress,Powerpress,7.2,HIGH,0.0021200000774115324,false,,false,false,false,,false,false,2021-03-18T14:57:47.000Z,0
CVE-2015-9410,https://securityvulnerability.io/vulnerability/CVE-2015-9410,,The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter.,Wordpress,Powerpress,5.4,MEDIUM,0.000910000002477318,false,,false,false,false,,false,false,2019-09-26T00:15:00.000Z,0
CVE-2015-1385,https://securityvulnerability.io/vulnerability/CVE-2015-1385,,Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php.,Wordpress,Powerpress,,,0.02928999997675419,false,,false,false,false,,false,false,2015-02-02T15:00:00.000Z,0