Filtered by vendor Secondlinethemes Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-5308 1 Secondlinethemes 1 Podcast Subscribe Buttons 2024-11-21 6.4 Medium
The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-23797 1 Secondlinethemes 1 Auto Youtube Importer 2024-11-21 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3 versions.
CVE-2022-1023 1 Secondlinethemes 1 Podcast Importer Secondline 2024-11-21 7.2 High
The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file
CVE-2021-24743 1 Secondlinethemes 1 Podcast Subscribe Buttons 2024-11-21 5.4 Medium
The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS.