Stored Cross-Site Scripting Vulnerability in Fresh Podcaster Plugin for WordPress
CVE-2026-1382

6.4MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
11 July 2026

What is CVE-2026-1382?

The Fresh Podcaster plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate sanitization and escaping of user-supplied attributes within the 'freshpodcaster' shortcode. This weakness allows authenticated attackers with contributor-level permissions and higher to embed malicious web scripts into pages, which will execute in the browser of any user who visits the compromised page, leading to potential exploitation and unauthorized data access.

Affected Version(s)

fresh Podcaster 0 <= 1.0.7

References

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

zaim
.