Cross-Site Scripting Vulnerability in Podlove Podcasting Plugin for WordPress
CVE-2016-10941

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Podlove Podcast Publisher
Vendor
CVE Published:
13 September 2019

What is CVE-2016-10941?

The Podlove Podcasting Plugin for WordPress prior to version 2.3.16 is vulnerable to a cross-site scripting (XSS) attack, which can be triggered through a cross-site request forgery (CSRF). This vulnerability allows unauthorized users to inject malicious scripts into the web application, potentially compromising user data and allowing attackers to perform unauthorized actions. It is essential for users to upgrade to the latest version to protect their sites from possible exploitation.

References

https://wordpress.org/plugins/podlove-podcasting-plugin-f...
x_refsource_MISC
https://blog.ripstech.com/2016/the-state-of-wordpress-sec...
x_refsource_MISC
https://github.com/podlove/podlove-publisher/blob/master/...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.