Browse all 13 CVE security advisories affecting Podlove. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Podlove is an open-source podcast publishing platform primarily used for creating and managing podcast episodes. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The platform's 13 recorded CVEs highlight consistent security concerns, particularly in input validation and access control mechanisms. While no major public security incidents have been widely documented, the recurring nature of vulnerabilities suggests potential risks for unpatched installations. Users should maintain regular updates and implement proper security hardening to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-25481 | WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF) — Podlove Subscribe buttonCWE-352 | 5.4 | Medium | 2023-05-23 |
| CVE-2023-25479 | WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Scripting (XSS) — Podlove Subscribe buttonCWE-79 | 5.9 | Medium | 2023-04-25 |
This page lists every published CVE security advisory associated with Podlove. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.