CVE-2023-4820
PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
16 Oct 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
Unknown · PowerPress Podcasting plugin by Blubrry