Stored Cross-Site Scripting Vulnerability in Blubrry PowerPress Podcasting Plugin for WordPress
CVE-2024-9230

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Powerpress Podcasting Plugin By Blubrry
Vendor: CVE Published:; 14 April 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Blubrry PowerPress Podcasting plugin for WordPress prior to version 11.9.18 is susceptible to stored cross-site scripting (XSS) vulnerabilities due to improper sanitization and escaping of certain settings when adding a podcast. This flaw potentially allows users with author or higher permissions to inject malicious scripts, leading to unauthorized actions and the compromise of user accounts. Mitigating this risk requires immediate updates to the plugin to address the security weakness.

Affected Version(s)

PowerPress Podcasting plugin by Blubrry 0 < 11.9.18

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-9230 - Proof of Concept

References

https://wpscan.com/vulnerability/ab5eaf57-fb61-4a08-b439-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

🟡
Public PoC available
Apr 14, 2025
👾
Exploit known to exist
Apr 14, 2025
Vulnerability published
Apr 14, 2025
Vulnerability Reserved
Sep 26, 2024

Credit

Bob Matyas

WPScan