Plugin icon

Podlove Podcast Publisher

podlove-podcasting-plugin-for-wordpress

Vulnerabilities:

21

Last Updated:

February 20, 2026

Active Installs:

3000

Published
Title
Fixed in
CVSS
Published
2025-09-22
Title
Podlove Podcast Publisher < 4.2.7 - Unauthenticated Arbitrary File Upload
Fixed in
Fixed in 4.2.7
CVSS
9.8 (critical)
Published
2025-08-27
Title
Podlove Podcast Publisher < 4.2.6 - Open Redirect
Fixed in
Fixed in 4.2.6
CVSS
6.1 (medium)
Published
2025-03-05
Title
Podlove Podcast Publisher < 4.2.3 - Cross-Site Request Forgery via ajax_transcript_delete Function
Fixed in
Fixed in 4.2.3
CVSS
4.3 (medium)
Published
2025-01-17
Title
Podlove Podcast Publisher < 4.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Feed Name
Fixed in
Fixed in 4.2.0
CVSS
4.4 (medium)
Published
2024-11-28
Title
Podlove Podcast Publisher < 4.1.24 - Admin+ Stored XSS
Fixed in
Fixed in 4.1.24
CVSS
3.5 (low)
Published
2024-11-28
Title
Podlove Podcast Publisher < 4.2.1 - Admin+ Stored XSS
Fixed in
Fixed in 4.2.1
CVSS
3.5 (low)
Published
2024-11-11
Title
Podlove Podcast Publisher < 4.1.17 - Authenticated (Admin+) Remote Code Execution
Fixed in
Fixed in 4.1.17
CVSS
7.2 (high)
Published
2024-08-28
Title
Podlove Podcast Publisher < 4.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
Fixed in
Fixed in 4.1.14
CVSS
6.4 (medium)
Published
2024-08-28
Title
Podlove Podcast Publisher < 4.1.14 - Cross-Site Request Forgery to Remote Code Execution
Fixed in
Fixed in 4.1.14
CVSS
8.8 (high)
Published
2024-04-22
Title
Podlove Podcast Publisher < 4.0.15 - Cross-Site Request Forgery
Fixed in
Fixed in 4.0.15
CVSS
4.3 (medium)
Published
2024-04-22
Title
Podlove Podcast Publisher < 4.0.12 - Authenticated (Contributor+) Server-Side Request Forgery
Fixed in
Fixed in 4.0.12
CVSS
4.3 (medium)
Published
2024-04-12
Title
Podlove Podcast Publisher < 4.1.1 - Missing Authorization
Fixed in
Fixed in 4.1.1
CVSS
4.3 (medium)
Published
2024-04-12
Title
Podlove Podcast Publisher < 4.0.14 - Authenticated (Contributor+) SQL Injection
Fixed in
Fixed in 4.0.14
CVSS
9.9 (critical)
Published
2024-03-25
Title
Podlove Podcast Publisher < 4.0.10 - Reflected Cross-Site Scripting
Fixed in
Fixed in 4.0.10
CVSS
6.1 (medium)
Published
2024-02-06
Title
Podlove Podcast Publisher < 4.0.12 - Missing Authorization to Unauthenticated Data Export
Fixed in
Fixed in 4.0.12
CVSS
5.3 (medium)
Published
2024-02-06
Title
Podlove Podcast Publisher < 4.0.12 - Missing Authorization to Settings Import
Fixed in
Fixed in 4.0.12
CVSS
5.3 (medium)
Published
2023-02-17
Title
Podlove Podcast Publisher <= 3.8.3 - Cross-Site Request Forgery
Fixed in
Fixed in 3.8.4
CVSS
4.3 (medium)
Published
2023-02-03
Title
Podlove Podcast Publisher < 3.8.3 - Admin+ Stored XSS
Fixed in
Fixed in 3.8.3
CVSS
3.5 (low)
Published
2021-08-24
Title
Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection
Fixed in
Fixed in 3.5.6
CVSS
6.8 (medium)
Published
2017-08-07
Title
Podlove Podcast Publisher < 2.6.0 - Authenticated SQL Injection
Fixed in
Fixed in 2.6.0
CVSS
8.8 (high)
Published
2016-12-14
Title
Podlove Podcast Publisher <= 2.3.15 - Multiple SQLi & XSS
Fixed in
Fixed in 2.3.16
CVSS
9.8 (critical)