Vulnerabilities > Podlove > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-02-07 | CVE-2024-1118 | SQL Injection vulnerability in Podlove Subscribe Button | The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2023-05-23 | CVE-2023-25472 | Unspecified vulnerability in Podlove Podcast Publisher | Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions. | 8.8 |
2023-05-23 | CVE-2023-25481 | Cross-Site Request Forgery (CSRF) vulnerability in Podlove Subscribe Button | Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions. | 8.8 |
2017-08-18 | CVE-2017-12949 | SQL Injection vulnerability in Podlove Podcast Publisher 2.5.3 | lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitable through CSRF. | 8.8 |