Podcast Channels < 0.28 – Unauthenticated Reflected XSS | CVE 2014-4544

Affects Plugins

podcast-channels

Fixed in 0.28

References

CVE

CVE-2014-4544

URL

https://codevigilant.com/disclosure/wp-plugin-podcast-channels-a3-cross-site-scripting-xss/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Verified

No

WPVDB ID

72a5a0e1-e720-45a9-b9d4-ee3144939abb

Timeline

Publicly Published

2014-04-25 (about 11 years ago)

Added

2019-12-28 (about 6 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2014-08-01

Title

WordPress-to-Lead for Salesforce CRM 1.0 - salesforce.php Multiple Parameter XSS

Published

2023-05-09

Title

Post Snippets < 4.0.3 - Admin+ Stored XSS

Published

2014-06-12

Title

WP Guestmap <= 1.8 - Multiple XSS

Published

2021-06-11

Title

Welcart e-Commerce < 2.2.4 - Cross-Site Scripting (XSS)

Published

2025-03-03

Title

Registrations for The Events Calendar < 2.13.4 - Admin+ Stored XSS