podlove/podlove-publisher

podlove/podlove-publisher

Releases540

Frequency1 week 2 days

Last Release 15 days ago

Stars306

Podlove Podcast Publisher for WordPress

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-1110 ↗	Feb 7, 2024Wednesday, 7 February 2024, 11:15	5.3 MEDIUM	—
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.
CVE-2024-1109 ↗	Feb 7, 2024Wednesday, 7 February 2024, 11:15	5.3 MEDIUM	—
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.
CVE-2021-24666 ↗	Sep 27, 2021Monday, 27 September 2021, 16:15	9.8 CRITICAL	6.8 MEDIUM
The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi.
CVE-2016-10941 ↗	Sep 13, 2019Friday, 13 September 2019, 12:15	6.1 MEDIUM	4.3 MEDIUM
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.
CVE-2016-10942 ↗	Sep 13, 2019Friday, 13 September 2019, 12:15	9.8 CRITICAL	7.5 HIGH
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.