Vulnerabilities > Podlove
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-13 | CVE-2016-10941 | Cross-site Scripting vulnerability in Podlove Podcast Publisher The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. | 4.3 |
2017-08-18 | CVE-2017-12949 | SQL Injection vulnerability in Podlove Podcast Publisher 2.5.3 lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. | 6.5 |