WordPress Plugin Vulnerabilities

Podcast Subscribe Buttons < 1.4.2 - Contributor+ Stored XSS

Description

The plugin allows users with any role capable of editing or adding posts to perform stored XSS.

Proof of Concept

Affects Plugins

Plugin icon
podcast-subscribe-buttons
Fixed in 1.4.2

References

CVE
CVE-2021-24743

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
998395f0-f176-45b9-baf7-b50d30538c7d

Timeline

Publicly Published
2021-09-15 (about 4 years ago)
Added
2021-09-15 (about 4 years ago)
Last Updated
2022-04-08 (about 3 years ago)

Other

Published
Title
Published
2024-07-10
Title
Profile Builder <= 3.12.0 - Admin+ Stored Cross Site Scripting
Published
2024-09-26
Title
Premium Addons for Elementor < 4.10.53 - Authenticated (Contributor+) Stored Cross-Site Scripting via Media Grid Widget
Published
2023-09-05
Title
User Submitted Posts < 20230901 - Contributor+ Stored XSS via Shortcode
Published
2025-05-07
Title
DoFollow Case by Case <= 3.5.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2014-09-28
Title
WP Photo Album Plus 5.4.4 & 5.4.3 Cross-Site Scripting (XSS)