Vulnerabilities > Podlove > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-18 CVE-2024-43983 Cross-site Scripting vulnerability in Podlove Podcast Publisher
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13.
network
low complexity
podlove CWE-79
5.4
5.4
2024-02-07 CVE-2024-1109 Missing Authorization vulnerability in Podlove Podcast Publisher
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11.
network
low complexity
podlove CWE-862
5.3
5.3
2024-02-07 CVE-2024-1110 Missing Authorization vulnerability in Podlove Podcast Publisher
The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11.
network
low complexity
podlove CWE-862
5.3
5.3
2023-04-25 CVE-2023-25479 Unspecified vulnerability in Podlove Subscribe Button
Auth.
network
low complexity
podlove
4.8
4.8
2023-04-07 CVE-2023-25046 Unspecified vulnerability in Podlove Podcast Publisher
Auth.
network
low complexity
podlove
4.8
4.8
2019-09-13 CVE-2016-10941 Cross-site Scripting vulnerability in Podlove Podcast Publisher
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.
network
low complexity
podlove CWE-79
6.1
6.1