Skip to main content

Powerpress Podcasting

2 CVEs product

Monthly

CVE-2026-24637 HIGH This Week

SQL injection in the Blubrry PowerPress Podcasting WordPress plugin through version 11.15.10 allows authenticated users with Contributor-level privileges to inject arbitrary SQL into backend queries. The flaw, reported by Patchstack and tracked as EUVD-2026-36910, scores CVSS 8.5 due to scope change reaching the underlying database, but no public exploit identified at time of analysis. Confidentiality impact is high while integrity is unaffected, suggesting data exfiltration rather than tampering is the primary risk.

SQLi Powerpress Podcasting
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2026-32351 MEDIUM This Month

Stored XSS in blubrry PowerPress Podcasting through version 11.15.13 permits authenticated administrators with high privileges to inject malicious scripts that persist in web pages and execute in other users' browsers. An attacker with admin credentials can inject arbitrary JavaScript to steal session tokens, modify content, or perform actions on behalf of victims. No patch is currently available for this vulnerability.

XSS Powerpress Podcasting
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
EPSS 0% CVSS 8.5
HIGH This Week

SQL injection in the Blubrry PowerPress Podcasting WordPress plugin through version 11.15.10 allows authenticated users with Contributor-level privileges to inject arbitrary SQL into backend queries. The flaw, reported by Patchstack and tracked as EUVD-2026-36910, scores CVSS 8.5 due to scope change reaching the underlying database, but no public exploit identified at time of analysis. Confidentiality impact is high while integrity is unaffected, suggesting data exfiltration rather than tampering is the primary risk.

SQLi Powerpress Podcasting
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Stored XSS in blubrry PowerPress Podcasting through version 11.15.13 permits authenticated administrators with high privileges to inject malicious scripts that persist in web pages and execute in other users' browsers. An attacker with admin credentials can inject arbitrary JavaScript to steal session tokens, modify content, or perform actions on behalf of victims. No patch is currently available for this vulnerability.

XSS Powerpress Podcasting
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy