Search criteria
27 vulnerabilities found for powerpress by blubrry
FKIE_CVE-2024-9227
Vulnerability from fkie_nvd - Published: 2025-05-15 20:16 - Updated: 2025-06-05 14:21
Summary
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
References
| Source | URL | Tags |
|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/bb6515b9-a316-4146-8b7d-9b70a47aa366/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| blubrry | powerpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blubrry:powerpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F8DC934F-3E46-4D75-8EE0-0A9B5400A8B9",
"versionEndExcluding": "11.9.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
},
{
"lang": "es",
"value": "El complemento PowerPress Podcasting de Blubrry para WordPress anterior a la versi\u00f3n 11.9.18 no depura ni escapa de algunas de sus configuraciones al agregar un podcast, lo que podr\u00eda permitir a los usuarios administradores realizar ataques de Cross-Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida."
}
],
"id": "CVE-2024-9227",
"lastModified": "2025-06-05T14:21:12.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-05-15T20:16:00.227",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/bb6515b9-a316-4146-8b7d-9b70a47aa366/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-9230
Vulnerability from fkie_nvd - Published: 2025-04-14 06:15 - Updated: 2025-04-29 20:33
Summary
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks
References
| Source | URL | Tags |
|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/ab5eaf57-fb61-4a08-b439-42dea40b7914/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| blubrry | powerpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blubrry:powerpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F8DC934F-3E46-4D75-8EE0-0A9B5400A8B9",
"versionEndExcluding": "11.9.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks"
},
{
"lang": "es",
"value": "El complemento PowerPress Podcasting de Blubrry para WordPress anterior a la versi\u00f3n 11.9.18 no depura ni escapa de algunas de sus configuraciones al agregar un podcast, lo que podr\u00eda permitir al autor y a usuarios superiores realizar ataques de Cross-Site Scripting almacenado."
}
],
"id": "CVE-2024-9230",
"lastModified": "2025-04-29T20:33:55.247",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-04-14T06:15:15.223",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/ab5eaf57-fb61-4a08-b439-42dea40b7914/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-41239
Vulnerability from fkie_nvd - Published: 2023-11-13 03:15 - Updated: 2024-11-21 08:20
Severity
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry. This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| blubrry | powerpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blubrry:powerpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "35409F83-CDC1-4B22-B9F4-744FD6943C53",
"versionEndIncluding": "11.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en el complemento Blubrry PowerPress Podcasting de Blubrry. Este problema afecta al complemento PowerPress Podcasting de Blubrry: desde n/a hasta 11.0.6."
}
],
"id": "CVE-2023-41239",
"lastModified": "2024-11-21T08:20:53.773",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-13T03:15:09.347",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/powerpress/wordpress-powerpress-podcasting-plugin-by-blubrry-plugin-11-0-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/powerpress/wordpress-powerpress-podcasting-plugin-by-blubrry-plugin-11-0-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-4820
Vulnerability from fkie_nvd - Published: 2023-10-16 20:15 - Updated: 2025-03-05 17:15
Severity
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin.
References
| Source | URL | Tags |
|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/e866a214-a142-43c7-b93d-ff2301a3e432 | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/e866a214-a142-43c7-b93d-ff2301a3e432 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| blubrry | powerpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blubrry:powerpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "7463AB7A-4418-4360-97EF-2DF859362287",
"versionEndExcluding": "11.0.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin."
},
{
"lang": "es",
"value": "El complemento PowerPress Podcasting por el complemento Blubrry WordPress anterior a 11.0.12 no sanitiza ni escapa del campo de URL de medios en las publicaciones, lo que podr\u00eda permitir a los usuarios con privilegios tan bajos como colaborador inyectar scripts web arbitrarios que podr\u00edan apuntar a un administrador o s\u00faper administrador del sitio."
}
],
"id": "CVE-2023-4820",
"lastModified": "2025-03-05T17:15:12.883",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-10-16T20:15:16.913",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/e866a214-a142-43c7-b93d-ff2301a3e432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/e866a214-a142-43c7-b93d-ff2301a3e432"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified"
}
FKIE_CVE-2023-30778
Vulnerability from fkie_nvd - Published: 2023-08-15 13:15 - Updated: 2024-11-21 08:00
Severity
5.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin <= 10.0.1 versions.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| blubrry | powerpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blubrry:powerpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "ACF95F15-E5FB-4622-8BC8-4CAB1E1495E9",
"versionEndIncluding": "10.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin \u003c=\u00a010.0.1 versions."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) almacenado en el plugin PowerPress Podcasting de Blubrry que afecta a las versiones 10.0.1 e inferiores del plugin Blubrry. Para explotar esta vulnerabilidad hace falta estar autenticado y tener permisos de colaborador o superior."
}
],
"id": "CVE-2023-30778",
"lastModified": "2024-11-21T08:00:53.260",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.7,
"source": "audit@patchstack.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-15T13:15:09.847",
"references": [
{
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/powerpress/wordpress-powerpress-podcasting-plugin-by-blubrry-plugin-10-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://patchstack.com/database/vulnerability/powerpress/wordpress-powerpress-podcasting-plugin-by-blubrry-plugin-10-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"sourceIdentifier": "audit@patchstack.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "audit@patchstack.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-1917
Vulnerability from fkie_nvd - Published: 2023-06-09 06:15 - Updated: 2024-11-21 07:40
Severity
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| blubrry | powerpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blubrry:powerpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A21FE8D3-0C2F-4DDC-92A1-B2BFC39A0C8C",
"versionEndIncluding": "10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround."
}
],
"id": "CVE-2023-1917",
"lastModified": "2024-11-21T07:40:08.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-09T06:15:59.717",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/browser/powerpress/trunk/powerpress-player.php#L102"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2896729/powerpress"
},
{
"source": "security@wordfence.com",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2899207/powerpress"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/44583cb7-bc32-4e62-8431-f5f1f6baeff2?source=cve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/browser/powerpress/trunk/powerpress-player.php#L102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2896729/powerpress"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://plugins.trac.wordpress.org/changeset/2899207/powerpress"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/44583cb7-bc32-4e62-8431-f5f1f6baeff2?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Modified"
}
FKIE_CVE-2021-24123
Vulnerability from fkie_nvd - Published: 2021-03-18 15:15 - Updated: 2024-11-21 05:52
Summary
Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE.
References
| Source | URL | Tags |
|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36 | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| blubrry | powerpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blubrry:powerpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A2BBE365-519E-4728-B22E-A3EA9C467D8D",
"versionEndExcluding": "8.3.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE."
},
{
"lang": "es",
"value": "Una carga arbitraria de archivos en el plugin de WordPress PowerPress, versiones anteriores a 8.3.8, no comprobaba algunas de las im\u00e1genes de fuentes cargadas (como las de la secci\u00f3n de ilustraciones de Podcast), permitiendo que las cuentas de alto privilegio (admin+) puedan cargar archivos arbitrarios, como php, lo que conlleva a una RCE"
}
],
"id": "CVE-2021-24123",
"lastModified": "2024-11-21T05:52:24.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-18T15:15:13.573",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "contact@wpscan.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-9410
Vulnerability from fkie_nvd - Published: 2019-09-26 00:15 - Updated: 2024-11-21 02:40
Summary
The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html | Exploit, Third Party Advisory |
| cve@mitre.org | https://github.com/cybersecurityworks/Disclosed/issues/7 | Exploit, Third Party Advisory |
| cve@mitre.org | https://wordpress.org/plugins/powerpress/#developers | Product, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cybersecurityworks/Disclosed/issues/7 | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/powerpress/#developers | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| blubrry | powerpress | 6.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blubrry:powerpress:6.0.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "3640C623-0E43-45C6-AC66-23B2CE960547",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter."
},
{
"lang": "es",
"value": "El plugin Blubrry PowerPress Podcasting versi\u00f3n 6.0.4 para WordPress, presenta una vulnerabilidad de tipo XSS por medio del par\u00e1metro tab."
}
],
"id": "CVE-2015-9410",
"lastModified": "2024-11-21T02:40:34.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-26T00:15:10.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/7"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/powerpress/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/powerpress/#developers"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-1385
Vulnerability from fkie_nvd - Published: 2015-02-02 15:59 - Updated: 2025-04-12 10:46
Summary
Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| blubrry | powerpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blubrry:powerpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "010BD746-FC09-435F-8F9C-5C7902BF873F",
"versionEndIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el plugin Blubrry PowerPress Podcasting anterior a 6.0.1 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro cat en una acci\u00f3n powerpress-editcategoryfeed en la p\u00e1gina powerpressadmin_categoryfeeds.php en wp-admin/admin.php."
}
],
"id": "CVE-2015-1385",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-02-02T15:59:05.020",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130155/Blubrry-PowerPress-6.0-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/130"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/534577/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/72362"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wordpress.org/plugins/powerpress/changelog/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.netsparker.com/cve-2015-1385-xss-vulnerability-in-blubrry-powerpress/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130155/Blubrry-PowerPress-6.0-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534577/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wordpress.org/plugins/powerpress/changelog/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.netsparker.com/cve-2015-1385-xss-vulnerability-in-blubrry-powerpress/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-9227 (GCVE-0-2024-9227)
Vulnerability from cvelistv5 – Published: 2025-05-15 20:07 – Updated: 2025-05-17 03:01
Title
PowerPress Podcasting < 11.9.18 - Author+ XSS
Summary
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Severity
4.8 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | PowerPress Podcasting plugin by Blubrry | Affected: 0, < 11.9.18 (semver) |
Credits
Krugov Artyom
WPScan
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-9227",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-17T03:00:34.153003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-17T03:01:18.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerPress Podcasting plugin by Blubrry",
"vendor": "Unknown",
"versions": [
{
"lessThan": "11.9.18",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krugov Artyom"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T20:07:19.757Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/bb6515b9-a316-4146-8b7d-9b70a47aa366/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PowerPress Podcasting \u003c 11.9.18 - Author+ XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-9227",
"datePublished": "2025-05-15T20:07:19.757Z",
"dateReserved": "2024-09-26T18:02:27.048Z",
"dateUpdated": "2025-05-17T03:01:18.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9230 (GCVE-0-2024-9230)
Vulnerability from cvelistv5 – Published: 2025-04-14 06:00 – Updated: 2025-04-14 14:22
Title
PowerPress Podcasting < 11.9.18 - Author+ XSS via Podcast URL
Summary
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks.
Severity
5.9 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | PowerPress Podcasting plugin by Blubrry | Affected: 0, < 11.9.18 (semver) |
Credits
Bob Matyas
WPScan
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-9230",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T14:22:10.349752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T14:22:16.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerPress Podcasting plugin by Blubrry",
"vendor": "Unknown",
"versions": [
{
"lessThan": "11.9.18",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bob Matyas"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T06:00:04.686Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/ab5eaf57-fb61-4a08-b439-42dea40b7914/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PowerPress Podcasting \u003c 11.9.18 - Author+ XSS via Podcast URL",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-9230",
"datePublished": "2025-04-14T06:00:04.686Z",
"dateReserved": "2024-09-26T18:10:12.484Z",
"dateUpdated": "2025-04-14T14:22:16.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41239 (GCVE-0-2023-41239)
Vulnerability from cvelistv5 – Published: 2023-11-13 02:42 – Updated: 2024-08-28 15:39
Title
WordPress PowerPress Podcasting Plugin <= 11.0.6 is vulnerable to Server Side Request Forgery (SSRF)
Summary
Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry. This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.
Severity
6.4 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Blubrry | PowerPress Podcasting plugin by Blubrry | Affected: n/a, ≤ 11.0.6 (custom) |
Credits
Mika (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:04.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/powerpress/wordpress-powerpress-podcasting-plugin-by-blubrry-plugin-11-0-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T15:34:01.405077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T15:39:15.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "powerpress",
"product": "PowerPress Podcasting plugin by Blubrry",
"vendor": "Blubrry",
"versions": [
{
"changes": [
{
"at": "11.0.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "11.0.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.\u003cp\u003eThis issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-13T02:42:42.716Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/powerpress/wordpress-powerpress-podcasting-plugin-by-blubrry-plugin-11-0-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;11.0.7 or a higher version."
}
],
"value": "Update to\u00a011.0.7 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress PowerPress Podcasting Plugin \u003c= 11.0.6 is vulnerable to Server Side Request Forgery (SSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-41239",
"datePublished": "2023-11-13T02:42:42.716Z",
"dateReserved": "2023-08-25T10:02:32.133Z",
"dateUpdated": "2024-08-28T15:39:15.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4820 (GCVE-0-2023-4820)
Vulnerability from cvelistv5 – Published: 2023-10-16 19:39 – Updated: 2025-03-05 16:25
Title
PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS
Summary
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin.
Severity
5.4 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | PowerPress Podcasting plugin by Blubrry | Affected: 0, < 11.0.12 (custom) |
Credits
emad
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e866a214-a142-43c7-b93d-ff2301a3e432"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-4820",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-19T19:09:51.771508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T16:25:51.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "PowerPress Podcasting plugin by Blubrry",
"vendor": "Unknown",
"versions": [
{
"lessThan": "11.0.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "emad"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T19:39:21.880Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/e866a214-a142-43c7-b93d-ff2301a3e432"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PowerPress Podcasting \u003c 11.0.12 - Contributor+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-4820",
"datePublished": "2023-10-16T19:39:21.880Z",
"dateReserved": "2023-09-07T14:23:42.636Z",
"dateUpdated": "2025-03-05T16:25:51.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30778 (GCVE-0-2023-30778)
Vulnerability from cvelistv5 – Published: 2023-08-15 12:40 – Updated: 2024-09-25 15:02
Title
WordPress PowerPress Podcasting Plugin <= 10.0.1 is vulnerable to Cross Site Scripting (XSS)
Summary
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin <= 10.0.1 versions.
Severity
5.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Blubrry | PowerPress Podcasting plugin by Blubrry | Affected: n/a, ≤ 10.0.1 (custom) |
Credits
Mika (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/powerpress/wordpress-powerpress-podcasting-plugin-by-blubrry-plugin-10-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:32:10.369008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:02:22.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "powerpress",
"product": "PowerPress Podcasting plugin by Blubrry",
"vendor": "Blubrry",
"versions": [
{
"changes": [
{
"at": "10.0.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "10.0.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin \u0026lt;=\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;10.0.1 versions.\u003c/span\u003e"
}
],
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin \u003c=\u00a010.0.1 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-15T12:40:26.988Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/powerpress/wordpress-powerpress-podcasting-plugin-by-blubrry-plugin-10-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;10.0.2 or a higher version."
}
],
"value": "Update to\u00a010.0.2 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress PowerPress Podcasting Plugin \u003c= 10.0.1 is vulnerable to Cross Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-30778",
"datePublished": "2023-08-15T12:40:26.988Z",
"dateReserved": "2023-04-17T12:29:35.716Z",
"dateUpdated": "2024-09-25T15:02:22.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1917 (GCVE-0-2023-1917)
Vulnerability from cvelistv5 – Published: 2023-06-09 05:33 – Updated: 2024-12-20 23:43
Summary
The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround.
Severity
5.4 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| amandato | PowerPress Podcasting plugin by Blubrry | Affected: `*`, ≤ 10.0 (semver) |
Credits
Alex Thomas
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/44583cb7-bc32-4e62-8431-f5f1f6baeff2?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/powerpress/trunk/powerpress-player.php#L102"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2896729/powerpress"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2899207/powerpress"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T23:25:52.154145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T23:43:13.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerPress Podcasting plugin by Blubrry",
"vendor": "amandato",
"versions": [
{
"lessThanOrEqual": "10.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Thomas"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-09T05:33:15.873Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/44583cb7-bc32-4e62-8431-f5f1f6baeff2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/powerpress/trunk/powerpress-player.php#L102"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2896729/powerpress"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2899207/powerpress"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-06T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-04-06T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-04-11T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1917",
"datePublished": "2023-06-09T05:33:15.873Z",
"dateReserved": "2023-04-06T19:10:31.104Z",
"dateUpdated": "2024-12-20T23:43:13.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24123 (GCVE-0-2021-24123)
Vulnerability from cvelistv5 – Published: 2021-03-18 14:57 – Updated: 2024-08-03 19:21
Title
PowerPress < 8.3.8 - Authenticated Arbitrary File Upload leading to RCE
Summary
The PowerPress WordPress plugin, in versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from the Podcast Artwork section), allowing high-privilege accounts (admin+) to upload arbitrary files, such as PHP files, leading to RCE.
Severity
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | PowerPress | Affected: 8.3.8, < 8.3.8 (custom) |
Credits
Minh Tuan - SunCSR (Sun* Cyber Security Research)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "8.3.8",
"status": "affected",
"version": "8.3.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Minh Tuan - SunCSR (Sun* Cyber Security Research)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T14:57:47",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PowerPress \u003c 8.3.8 - Authenticated Arbitrary File Upload leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24123",
"STATE": "PUBLIC",
"TITLE": "PowerPress \u003c 8.3.8 - Authenticated Arbitrary File Upload leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerPress",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.3.8",
"version_value": "8.3.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Minh Tuan - SunCSR (Sun* Cyber Security Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24123",
"datePublished": "2021-03-18T14:57:47",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:21:18.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-9410 (GCVE-0-2015-9410)
Vulnerability from cvelistv5 – Published: 2019-09-25 23:04 – Updated: 2024-08-06 08:51
Summary
The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter.
Severity
No CVSS data available.
CWE
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:51:04.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/powerpress/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-29T21:20:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/powerpress/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/powerpress/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/powerpress/#developers"
},
{
"name": "https://github.com/cybersecurityworks/Disclosed/issues/7",
"refsource": "MISC",
"url": "https://github.com/cybersecurityworks/Disclosed/issues/7"
},
{
"name": "https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html",
"refsource": "MISC",
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9410",
"datePublished": "2019-09-25T23:04:20",
"dateReserved": "2019-09-25T00:00:00",
"dateUpdated": "2024-08-06T08:51:04.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1385 (GCVE-0-2015-1385)
Vulnerability from cvelistv5 – Published: 2015-02-02 15:00 – Updated: 2024-08-06 04:40
Summary
Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php.
Severity
No CVSS data available.
CWE
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130155/Blubrry-PowerPress-6.0-Cross-Site-Scripting.html"
},
{
"name": "72362",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72362"
},
{
"name": "20150129 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534577/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/powerpress/changelog/"
},
{
"name": "20150130 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/130"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netsparker.com/cve-2015-1385-xss-vulnerability-in-blubrry-powerpress/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130155/Blubrry-PowerPress-6.0-Cross-Site-Scripting.html"
},
{
"name": "72362",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72362"
},
{
"name": "20150129 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534577/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/powerpress/changelog/"
},
{
"name": "20150130 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/130"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netsparker.com/cve-2015-1385-xss-vulnerability-in-blubrry-powerpress/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130155/Blubrry-PowerPress-6.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130155/Blubrry-PowerPress-6.0-Cross-Site-Scripting.html"
},
{
"name": "72362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72362"
},
{
"name": "20150129 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534577/100/0/threaded"
},
{
"name": "https://wordpress.org/plugins/powerpress/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/powerpress/changelog/"
},
{
"name": "20150130 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/130"
},
{
"name": "https://www.netsparker.com/cve-2015-1385-xss-vulnerability-in-blubrry-powerpress/",
"refsource": "MISC",
"url": "https://www.netsparker.com/cve-2015-1385-xss-vulnerability-in-blubrry-powerpress/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1385",
"datePublished": "2015-02-02T15:00:00",
"dateReserved": "2015-01-27T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9227 (GCVE-0-2024-9227)
Vulnerability from nvd – Published: 2025-05-15 20:07 – Updated: 2025-05-17 03:01
Title
PowerPress Podcasting < 11.9.18 - Author+ XSS
Summary
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Severity ?
4.8 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | PowerPress Podcasting plugin by Blubrry | Affected: 0, < 11.9.18 (semver) |
Credits
Krugov Artyom
WPScan
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-9227",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-17T03:00:34.153003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-17T03:01:18.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerPress Podcasting plugin by Blubrry",
"vendor": "Unknown",
"versions": [
{
"lessThan": "11.9.18",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krugov Artyom"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow admin users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T20:07:19.757Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/bb6515b9-a316-4146-8b7d-9b70a47aa366/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PowerPress Podcasting \u003c 11.9.18 - Author+ XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-9227",
"datePublished": "2025-05-15T20:07:19.757Z",
"dateReserved": "2024-09-26T18:02:27.048Z",
"dateUpdated": "2025-05-17T03:01:18.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9230 (GCVE-0-2024-9230)
Vulnerability from nvd – Published: 2025-04-14 06:00 – Updated: 2025-04-14 14:22
Title
PowerPress Podcasting < 11.9.18 - Author+ XSS via Podcast URL
Summary
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks
Severity ?
5.9 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | PowerPress Podcasting plugin by Blubrry | Affected: 0, < 11.9.18 (semver) |
Credits
Bob Matyas
WPScan
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-9230",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T14:22:10.349752Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T14:22:16.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerPress Podcasting plugin by Blubrry",
"vendor": "Unknown",
"versions": [
{
"lessThan": "11.9.18",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bob Matyas"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.9.18 does not sanitise and escape some of its settings when adding a podcast, which could allow author and above users to perform Stored Cross-Site Scripting attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T06:00:04.686Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/ab5eaf57-fb61-4a08-b439-42dea40b7914/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PowerPress Podcasting \u003c 11.9.18 - Author+ XSS via Podcast URL",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-9230",
"datePublished": "2025-04-14T06:00:04.686Z",
"dateReserved": "2024-09-26T18:10:12.484Z",
"dateUpdated": "2025-04-14T14:22:16.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41239 (GCVE-0-2023-41239)
Vulnerability from nvd – Published: 2023-11-13 02:42 – Updated: 2024-08-28 15:39
Title
WordPress PowerPress Podcasting Plugin <= 11.0.6 is vulnerable to Server Side Request Forgery (SSRF)
Summary
Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry. This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.
Severity ?
6.4 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Blubrry | PowerPress Podcasting plugin by Blubrry | Affected: n/a, ≤ 11.0.6 (custom) |
Credits
Mika (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:04.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/powerpress/wordpress-powerpress-podcasting-plugin-by-blubrry-plugin-11-0-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T15:34:01.405077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T15:39:15.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "powerpress",
"product": "PowerPress Podcasting plugin by Blubrry",
"vendor": "Blubrry",
"versions": [
{
"changes": [
{
"at": "11.0.7",
"status": "unaffected"
}
],
"lessThanOrEqual": "11.0.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.\u003cp\u003eThis issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.\u003c/p\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-13T02:42:42.716Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/powerpress/wordpress-powerpress-podcasting-plugin-by-blubrry-plugin-11-0-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;11.0.7 or a higher version."
}
],
"value": "Update to\u00a011.0.7 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress PowerPress Podcasting Plugin \u003c= 11.0.6 is vulnerable to Server Side Request Forgery (SSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-41239",
"datePublished": "2023-11-13T02:42:42.716Z",
"dateReserved": "2023-08-25T10:02:32.133Z",
"dateUpdated": "2024-08-28T15:39:15.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4820 (GCVE-0-2023-4820)
Vulnerability from nvd – Published: 2023-10-16 19:39 – Updated: 2025-03-05 16:25
Title
PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS
Summary
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin.
Severity ?
5.4 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | PowerPress Podcasting plugin by Blubrry | Affected: 0, < 11.0.12 (custom) |
Credits
emad
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/e866a214-a142-43c7-b93d-ff2301a3e432"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-4820",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-19T19:09:51.771508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T16:25:51.915Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "PowerPress Podcasting plugin by Blubrry",
"vendor": "Unknown",
"versions": [
{
"lessThan": "11.0.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "emad"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T19:39:21.880Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/e866a214-a142-43c7-b93d-ff2301a3e432"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PowerPress Podcasting \u003c 11.0.12 - Contributor+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-4820",
"datePublished": "2023-10-16T19:39:21.880Z",
"dateReserved": "2023-09-07T14:23:42.636Z",
"dateUpdated": "2025-03-05T16:25:51.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30778 (GCVE-0-2023-30778)
Vulnerability from nvd – Published: 2023-08-15 12:40 – Updated: 2024-09-25 15:02
Title
WordPress PowerPress Podcasting Plugin <= 10.0.1 is vulnerable to Cross Site Scripting (XSS)
Summary
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin <= 10.0.1 versions.
Severity ?
5.5 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Blubrry | PowerPress Podcasting plugin by Blubrry | Affected: n/a, ≤ 10.0.1 (custom) |
Credits
Mika (Patchstack Alliance)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/powerpress/wordpress-powerpress-podcasting-plugin-by-blubrry-plugin-10-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-30778",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:32:10.369008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:02:22.317Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "powerpress",
"product": "PowerPress Podcasting plugin by Blubrry",
"vendor": "Blubrry",
"versions": [
{
"changes": [
{
"at": "10.0.2",
"status": "unaffected"
}
],
"lessThanOrEqual": "10.0.1",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mika (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin \u0026lt;=\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;10.0.1 versions.\u003c/span\u003e"
}
],
"value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry plugin \u003c=\u00a010.0.1 versions."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-15T12:40:26.988Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/powerpress/wordpress-powerpress-podcasting-plugin-by-blubrry-plugin-10-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to\u0026nbsp;10.0.2 or a higher version."
}
],
"value": "Update to\u00a010.0.2 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress PowerPress Podcasting Plugin \u003c= 10.0.1 is vulnerable to Cross Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-30778",
"datePublished": "2023-08-15T12:40:26.988Z",
"dateReserved": "2023-04-17T12:29:35.716Z",
"dateUpdated": "2024-09-25T15:02:22.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1917 (GCVE-0-2023-1917)
Vulnerability from nvd – Published: 2023-06-09 05:33 – Updated: 2024-12-20 23:43
Summary
The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround.
Severity ?
5.4 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| amandato | PowerPress Podcasting plugin by Blubrry | Affected: *, ≤ 10.0 (semver) |
Credits
Alex Thomas
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:26.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/44583cb7-bc32-4e62-8431-f5f1f6baeff2?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/powerpress/trunk/powerpress-player.php#L102"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2896729/powerpress"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2899207/powerpress"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T23:25:52.154145Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T23:43:13.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerPress Podcasting plugin by Blubrry",
"vendor": "amandato",
"versions": [
{
"lessThanOrEqual": "10.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alex Thomas"
}
],
"descriptions": [
{
"lang": "en",
"value": "The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-09T05:33:15.873Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/44583cb7-bc32-4e62-8431-f5f1f6baeff2?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/powerpress/trunk/powerpress-player.php#L102"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2896729/powerpress"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2899207/powerpress"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-06T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-04-06T00:00:00.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-04-11T00:00:00.000+00:00",
"value": "Disclosed"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-1917",
"datePublished": "2023-06-09T05:33:15.873Z",
"dateReserved": "2023-04-06T19:10:31.104Z",
"dateUpdated": "2024-12-20T23:43:13.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24123 (GCVE-0-2021-24123)
Vulnerability from nvd – Published: 2021-03-18 14:57 – Updated: 2024-08-03 19:21
Title
PowerPress < 8.3.8 - Authenticated Arbitrary File Upload leading to RCE
Summary
Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE.
Severity ?
No CVSS data available.
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | PowerPress | Affected: 8.3.8, < 8.3.8 (custom) |
Credits
Minh Tuan - SunCSR (Sun* Cyber Security Research)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "8.3.8",
"status": "affected",
"version": "8.3.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Minh Tuan - SunCSR (Sun* Cyber Security Research)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T14:57:47",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "PowerPress \u003c 8.3.8 - Authenticated Arbitrary File Upload leading to RCE",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24123",
"STATE": "PUBLIC",
"TITLE": "PowerPress \u003c 8.3.8 - Authenticated Arbitrary File Upload leading to RCE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerPress",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.3.8",
"version_value": "8.3.8"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Minh Tuan - SunCSR (Sun* Cyber Security Research)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/43aa30bf-eaf8-467a-93a1-78f9bdb37b36"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24123",
"datePublished": "2021-03-18T14:57:47",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:21:18.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-9410 (GCVE-0-2015-9410)
Vulnerability from nvd – Published: 2019-09-25 23:04 – Updated: 2024-08-06 08:51
Summary
The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:51:04.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/powerpress/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-29T21:20:54",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/powerpress/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cybersecurityworks/Disclosed/issues/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Blubrry PowerPress Podcasting plugin 6.0.4 for WordPress has XSS via the tab parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/powerpress/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/powerpress/#developers"
},
{
"name": "https://github.com/cybersecurityworks/Disclosed/issues/7",
"refsource": "MISC",
"url": "https://github.com/cybersecurityworks/Disclosed/issues/7"
},
{
"name": "https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html",
"refsource": "MISC",
"url": "https://cybersecurityworks.com/zerodays/cve-2015-9410-blubrry.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-9410",
"datePublished": "2019-09-25T23:04:20",
"dateReserved": "2019-09-25T00:00:00",
"dateUpdated": "2024-08-06T08:51:04.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1385 (GCVE-0-2015-1385)
Vulnerability from nvd – Published: 2015-02-02 15:00 – Updated: 2024-08-06 04:40
Summary
Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130155/Blubrry-PowerPress-6.0-Cross-Site-Scripting.html"
},
{
"name": "72362",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72362"
},
{
"name": "20150129 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534577/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wordpress.org/plugins/powerpress/changelog/"
},
{
"name": "20150130 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/130"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.netsparker.com/cve-2015-1385-xss-vulnerability-in-blubrry-powerpress/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130155/Blubrry-PowerPress-6.0-Cross-Site-Scripting.html"
},
{
"name": "72362",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72362"
},
{
"name": "20150129 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534577/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wordpress.org/plugins/powerpress/changelog/"
},
{
"name": "20150130 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Jan/130"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.netsparker.com/cve-2015-1385-xss-vulnerability-in-blubrry-powerpress/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressadmin_categoryfeeds.php page to wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130155/Blubrry-PowerPress-6.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130155/Blubrry-PowerPress-6.0-Cross-Site-Scripting.html"
},
{
"name": "72362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72362"
},
{
"name": "20150129 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534577/100/0/threaded"
},
{
"name": "https://wordpress.org/plugins/powerpress/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/powerpress/changelog/"
},
{
"name": "20150130 Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/130"
},
{
"name": "https://www.netsparker.com/cve-2015-1385-xss-vulnerability-in-blubrry-powerpress/",
"refsource": "MISC",
"url": "https://www.netsparker.com/cve-2015-1385-xss-vulnerability-in-blubrry-powerpress/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-1385",
"datePublished": "2015-02-02T15:00:00",
"dateReserved": "2015-01-27T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}