Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Podcast_subscribe_buttons
(Secondlinethemes)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-10-18 | CVE-2021-24743 | The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS. | Podcast_subscribe_buttons | 5.4 | ||
| 2023-10-20 | CVE-2023-5308 | The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | Podcast_subscribe_buttons | 5.4 |