Podlove Podcast Publisher — Vulnerabilities & Security Advisories 20

All 20 CVE vulnerabilities found in Podlove Podcast Publisher, with AI-generated Chinese analysis, references, and POCs.

Vendor: Unknown

CVE ID	Title	CVSS	Severity	Published
CVE-2026-32448	WordPress Podlove Podcast Publisher plugin <= 4.3.3 - Cross Site Scripting (XSS) vulnerability CWE-79	5.4	-	2026-03-13
CVE-2025-10147	Podlove Podcast Publisher <= 4.2.6 - Unauthenticated Arbitrary File Upload CWE-434	9.8	Critical	2025-09-23
CVE-2025-58204	WordPress Podlove Podcast Publisher Plugin <= 4.2.5 - Open Redirection Vulnerability CWE-601	4.7	Medium	2025-08-27
CVE-2024-13730	Podlove Podcast Publisher < 4.2.1 - Admin+ Stored XSS	4.8^AI	Medium^AI	2025-05-15
CVE-2024-13729	Podlove Podcast Publisher < 4.1.24 - Admin+ Stored XSS	4.8^AI	Medium^AI	2025-05-15
CVE-2025-1383	Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function CWE-352	4.3	Medium	2025-03-06
CVE-2025-0554	Podlove Podcast Publisher <= 4.1.25 - Authenticated (Admin+) Stored Cross-Site Scripting via Feed Name CWE-79	4.4	Medium	2025-01-18
CVE-2024-52393	WordPress Podlove Podcast Publisher plugin <= 4.1.15 - Admin+ Remote Code Execution (RCE) vulnerability CWE-82	9.1	Critical	2024-11-14
CVE-2024-43984	WordPress Podlove Podcast Publisher plugin <= 4.1.13 - CSRF to Remote Code Execution (RCE) vulnerability CWE-352	9.6	Critical	2024-10-31
CVE-2024-43983	WordPress Podlove Podcast Publisher plugin <= 4.1.13 - Cross Site Scripting (XSS) vulnerability CWE-79	6.5	Medium	2024-09-17
CVE-2024-32143	WordPress Podlove Podcast Publisher plugin <= 4.1.0 - Broken Access Control vulnerability CWE-862	4.3	Medium	2024-06-11
CVE-2024-32712	WordPress Podlove Podcast Publisher plugin <= 4.0.14 - Broken Access Control vulnerability CWE-862	7.5	High	2024-05-09
CVE-2024-32812	WordPress Podlove Podcast Publisher plugin <= 4.0.11 - Server Side Request Forgery (SSRF) vulnerability CWE-918	5.4	Medium	2024-04-24
CVE-2024-32139	WordPress Podlove Podcast Publisher plugin <= 4.0.12 - SQL Injection vulnerability CWE-89	8.5	High	2024-04-15
CVE-2024-29915	WordPress Podlove Podcast Publisher plugin <= 4.0.9 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79	7.1	High	2024-03-27
CVE-2024-1110	Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Settings Import CWE-862	5.3	Medium	2024-02-07
CVE-2024-1109	Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Unauthenticated Data Export CWE-862	5.3	Medium	2024-02-07
CVE-2023-25472	WordPress Podlove Podcast Publisher Plugin <= 3.8.3 is vulnerable to Cross Site Request Forgery (CSRF) CWE-352	4.3	Medium	2023-05-23
CVE-2023-25046	WordPress Podlove Podcast Publisher Plugin <= 3.8.2 is vulnerable to Cross Site Scripting (XSS) CWE-79	5.9	Medium	2023-04-07
CVE-2021-24666	Podlove Podcast Publisher < 3.5.6 - Unauthenticated SQL Injection CWE-89	9.8	-	2021-09-27

All 20 known CVE vulnerabilities affecting Podlove Podcast Publisher with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

Podlove Podcast Publisher — Vulnerabilities & Security Advisories 20