Vulnerabilities > Podlove > Podlove Subscribe Button > 1.1.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-07 | CVE-2024-1118 | SQL Injection vulnerability in Podlove Subscribe Button The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
| 2023-05-23 | CVE-2023-25481 | Cross-Site Request Forgery (CSRF) vulnerability in Podlove Subscribe Button Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions. | 8.8 |