Stored Cross-Site Scripting Vulnerability in PowerPress Podcasting Plugin
CVE-2024-9543

6.4MEDIUM

Key Information:

Vendor
Wordpress
Status
Powerpress Podcasting Plugin By Blubrry
Vendor
CVE Published:
11 October 2024

Summary

The Blubrry PowerPress Podcasting plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability through its 'skipto' shortcode. This vulnerability arises from inadequate input sanitization and output escaping of user-supplied attributes, allowing authenticated users with contributor-level access or higher to inject arbitrary web scripts. The malicious scripts can be executed when users access the compromised pages, posing significant risks to website security.

Affected Version(s)

PowerPress Podcasting plugin by Blubrry * <= 11.9.18

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/powerpress/tag...
https://plugins.trac.wordpress.org/browser/powerpress/tag...

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jack Taylor
.