CVE-2024-52393
EUVD-2024-4588314.11.2024, 18:15
Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress.This issue affects Podlove Podcast Publisher: from n/a through <= 4.1.15.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| podlove | podlove_podcast_publisher | 𝑥 ≤ 4.1.15 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| podlove | podlove_podcast_publisher | 𝑥 ≤ 4.1.15 | ADP |
Common Weakness Enumeration
- CWE-82 - Improper Neutralization of Script in Attributes of IMG Tags in a Web PageThe web application does not neutralize or incorrectly neutralizes scripting elements within attributes of HTML IMG tags, such as the src attribute.
- CWE-94 - Improper Control of Generation of Code ('Code Injection')The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.