Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Network vector, low complexity; PR:L for mandatory contributor auth; S:C for cross-site script execution in victim browser; no availability impact.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
The fresh Podcaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'freshpodcaster' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AnalysisAI
Stored Cross-Site Scripting in the Fresh Podcaster WordPress plugin (all versions through 1.0.7) allows authenticated attackers holding at minimum contributor-level roles to inject persistent JavaScript payloads via unsanitized attributes of the 'freshpodcaster' shortcode. The injected script executes automatically in any visitor's browser upon loading an affected page, enabling session hijacking, credential theft, or unauthorized actions on behalf of higher-privileged users. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid WordPress account at contributor level or above - unauthenticated visitors cannot inject payloads. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 6.4 (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) accurately models the attack: network-reachable, low complexity, but gated behind contributor-level authentication (PR:L), which meaningfully limits opportunistic mass exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained a contributor account on a target WordPress site - through registration, credential theft, or purchase - creates a post embedding the 'freshpodcaster' shortcode with a JavaScript payload injected into one of its attributes, for example stealing the document.cookie value of any administrator who later views the post. Because the payload is stored server-side, no further attacker interaction is required; every subsequent page visit by any user triggers execution. … |
| Remediation | No patched version of Fresh Podcaster has been confirmed in the available intelligence - the most recent tag referenced (1.0.7) remains vulnerable. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43154
GHSA-hw45-p7q4-m97q