Podlove Podlove Podcast Publisher — known CVE vulnerabilities
Every CVE whose affected-product data names Podlove Podlove Podcast Publisher, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2016-10942 — CVSS 9.8 (critical): The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable…
CVE-2021-24666 — CVSS 9.8 (critical): The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds…
CVE-2024-52393 — CVSS 9.1 (critical): Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.This…
CVE-2017-12949 — CVSS 8.8 (high): lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL…
CVE-2024-32139 — CVSS 8.5 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast…
CVE-2024-29915 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher…
CVE-2024-43983 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast…
CVE-2016-10941 — CVSS 6.1 (medium): The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.
CVE-2024-1109 — CVSS 5.3 (medium): The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the…
CVE-2024-1110 — CVSS 5.3 (medium): The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on…
CVE-2024-13730 — CVSS 4.8 (medium): The Podlove Podcast Publisher WordPress plugin before 4.2.1 does not sanitise and escape some of its settings, which could allow high…
CVE-2024-13729 — CVSS 4.8 (medium): The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high…
CVE-2025-0554 — CVSS 4.4 (medium): The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <=…
CVE-2025-1383 — CVSS 4.3 (medium): The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2…