VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 23 known issues Latest disclosed Mar 08, 2026

Podlove Podcast Publisher Vulnerabilities

Review known vulnerability records for the WordPress plugin Podlove Podcast Publisher (`podlove-podcasting-plugin-for-wordpress`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-32448, CVE-2025-10147 and CVE-2025-58204, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
23
High or Critical
8
Patch Coverage
100%
Last Updated
Apr 15, 2026
Priority CVE Quick Links

Fast paths into Podlove Podcast Publisher CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
23
CVE-2024-32139 Critical 4.0.14
CVE-2024-32139 Podlove Podcast Publisher SQL Injection

Podlove Podcast Publisher <= 4.0.12 - Authenticated (Contributor+) SQL Injection

CVE-2025-10147 Critical 4.2.7
CVE-2025-10147 Podlove Podcast Publisher Remote Code Execution

Podlove Podcast Publisher <= 4.2.6 - Unauthenticated Arbitrary File Upload

CVE-2021-24666 Critical 3.5.6
CVE-2021-24666 Podlove Podcast Publisher SQL Injection

Podlove Podcast Publisher <= 3.5.5 - Unauthenticated SQL Injection

CVE-2024-43984 High 4.1.14
CVE-2024-43984 Podlove Podcast Publisher Remote Code Execution

Podlove Podcast Publisher <= 4.1.13 - Cross-Site Request Forgery to Remote Code Execution

CVE-2016-10942 High 2.3.16
CVE-2016-10942 Podlove Podcast Publisher SQL Injection

Podlove Podcast Publisher < 2.3.16 - SQL Injection

CVE-2016-10941 High 2.3.16
CVE-2016-10941 Podlove Podcast Publisher Cross-Site Scripting

Podlove Podcast Publisher < 2.3.16 - Cross-Site Request Forgery to Cross-Site Scripting

CVE-2017-12949 High 2.6.0
CVE-2017-12949 Podlove Podcast Publisher SQL Injection

Podlove Podcast Publisher <= 2.5.3 - Authenticated SQL Injection

CVE-2024-52393 High 4.1.17
CVE-2024-52393 Podlove Podcast Publisher Remote Code Execution

Podlove Podcast Publisher <= 4.1.15 - Authenticated (Admin+) Remote Code Execution

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Podlove Podcast Publisher so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
23 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
3 critical and 5 high severity findings.
Recent CVEs
CVE-2026-32448, CVE-2025-10147 and CVE-2025-58204
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Podlove Podcast Publisher

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-32448
CVE-2026-32448: Podlove Podcast Publisher <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access an...

Published
Mar 08, 2026
Patched Release
4.3.4
Affected Versions
Versions up to 4.3.3
Next Step
Update to 4.3.4 or newer if supported.
Open CVE-2026-32448 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2025-10147
CVE-2025-10147: Podlove Podcast Publisher <= 4.2.6 - Unauthenticated Arbitrary File Upload

The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_as_original_file' function in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated attackers to upload arbit...

Published
Sep 22, 2025
Patched Release
4.2.7
Affected Versions
Versions up to 4.2.6
Next Step
Update to 4.2.7 or newer if supported.
Open CVE-2025-10147 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-58204
CVE-2025-58204: Podlove Podcast Publisher <= 4.2.5 - Open Redirect

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.2.5. This is due to insufficient validation on the redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentiall...

Published
Aug 27, 2025
Patched Release
4.2.6
Affected Versions
Versions up to 4.2.5
Next Step
Update to 4.2.6 or newer if supported.
Open CVE-2025-58204 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-1383
CVE-2025-1383: Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete Function

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_delete() function. This makes it possible for unauthenticated at...

Published
Mar 05, 2025
Patched Release
4.2.3
Affected Versions
Versions up to 4.2.2
Next Step
Update to 4.2.3 or newer if supported.
Open CVE-2025-1383 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-13730
CVE-2024-13730: Podlove Podcast Publisher <= 4.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admi...

Published
Mar 03, 2025
Patched Release
4.2.1
Affected Versions
Versions up to 4.2.0
Next Step
Update to 4.2.1 or newer if supported.
Open CVE-2024-13730 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-13729
CVE-2024-13729: Podlove Podcast Publisher <= 4.1.23 - Authenticated (Admin+) Stored Cross-Site Scripting

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.1.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with adm...

Published
Mar 03, 2025
Patched Release
4.1.24
Affected Versions
Versions up to 4.1.23
Next Step
Update to 4.1.24 or newer if supported.
Open CVE-2024-13729 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-0554
CVE-2025-0554: Podlove Podcast Publisher <= 4.1.25 - Authenticated (Admin+) Stored Cross-Site Scripting via Feed Name

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version

Published
Jan 17, 2025
Patched Release
4.2.0
Affected Versions
Versions up to 4.1.25
Next Step
Update to 4.2.0 or newer if supported.
Open CVE-2025-0554 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-52393
CVE-2024-52393: Podlove Podcast Publisher <= 4.1.15 - Authenticated (Admin+) Remote Code Execution

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.1.15. This makes it possible for authenticated attackers, with administrator-level access and above, to execute code on the server.

Published
Nov 11, 2024
Patched Release
4.1.17
Affected Versions
Versions up to 4.1.15
Next Step
Update to 4.1.17 or newer if supported.
Open CVE-2024-52393 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-43983
CVE-2024-43983: Podlove Podcast Publisher <= 4.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.1.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a...

Published
Aug 28, 2024
Patched Release
4.1.14
Affected Versions
Versions up to 4.1.13
Next Step
Update to 4.1.14 or newer if supported.
Open CVE-2024-43983 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-43984
CVE-2024-43984: Podlove Podcast Publisher <= 4.1.13 - Cross-Site Request Forgery to Remote Code Execution

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.13. This is due to missing or incorrect nonce validation on the 'get', 'update', 'create', and 'delete' functions. This makes it possible for unaut...

Published
Aug 28, 2024
Patched Release
4.1.14
Affected Versions
Versions up to 4.1.13
Next Step
Update to 4.1.14 or newer if supported.
Open CVE-2024-43984 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-32712
CVE-2024-32712: Podlove Podcast Publisher <= 4.0.14 - Cross-Site Request Forgery

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.14. This is due to missing or incorrect nonce validation on the job_create() and job_delete() functions. This makes it possible for unauthentic...

Published
Apr 22, 2024
Patched Release
4.0.15
Affected Versions
Versions up to 4.0.14
Next Step
Update to 4.0.15 or newer if supported.
Open CVE-2024-32712 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-32812
CVE-2024-32812: Podlove Podcast Publisher <= 4.0.11 - Authenticated (Contributor+) Server-Side Request Forgery

The Podlove Podcast Publisher plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.11 via the fetch_url_meta function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web r...

Published
Apr 22, 2024
Patched Release
4.0.12
Affected Versions
Versions up to 4.0.11
Next Step
Update to 4.0.12 or newer if supported.
Open CVE-2024-32812 Report Open CVE Reference