Cross-Site Scripting Vulnerability in Blubrry PowerPress Podcasting Plugin for WordPress
CVE-2015-1385

Currently unrated

Key Information:

Vendor: Wordpress
Status: Powerpress
Vendor: CVE Published:; 2 February 2015

Summary

The Blubrry PowerPress Podcasting plugin for WordPress has a cross-site scripting (XSS) vulnerability that enables remote attackers to inject arbitrary web scripts or HTML. This occurs through the 'cat' parameter in the 'powerpress-editcategoryfeed' action on the 'powerpressadmin_categoryfeeds.php' page, accessible via 'wp-admin/admin.php'. If successfully exploited, attackers can compromise the security of the affected WordPress sites, potentially leading to unauthorized access and data theft.

References

http://packetstormsecurity.com/files/130155/Blubrry-Power...

x_refsource_MISC

http://www.securityfocus.com/bid/72362

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/534577/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Feb 2, 2015
Vulnerability Reserved
Jan 27, 2015