Stored Cross-Site Scripting Vulnerability in Fresh Podcaster Plugin for WordPress
CVE-2026-1382
6.4MEDIUM
What is CVE-2026-1382?
The Fresh Podcaster plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate sanitization and escaping of user-supplied attributes within the 'freshpodcaster' shortcode. This weakness allows authenticated attackers with contributor-level permissions and higher to embed malicious web scripts into pages, which will execute in the browser of any user who visits the compromised page, leading to potential exploitation and unauthorized data access.
Affected Version(s)
fresh Podcaster 0 <= 1.0.7