Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows DOM-Based XSS. This issue affects PowerPress Podcasting: from n/a through <= 11.12.5.
Published: 2025-04-09
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper neutralization of input that permits DOM‑based cross‑site scripting within the PowerPress Podcasting plugin. When untrusted data is included in generated pages, an attacker can inject malicious JavaScript that executes in the victim’s browser context.

Affected Systems

WordPress installations that use blubrry PowerPress Podcasting plugin version 11.12.5 or earlier are affected. The flaw spans all releases from the initial version through 11.12.5.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation in the wild at present. The vulnerability is not listed in the CISA KEV catalog. As a DOM‑based flaw, exploitation requires delivery of crafted input—typically a malicious URL or content—to a victim’s browser, meaning attacker success depends on user interaction with the vulnerable site.

Generated by OpenCVE AI on May 2, 2026 at 02:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the PowerPress Podcasting plugin to version 11.12.6 or newer, which removes the XSS flaw.
  • Sanitize or validate any untrusted input that could be rendered by the plugin before it reaches the browser.
  • Implement a Content Security Policy that restricts script execution to trusted sources and disallows inline scripts.



Advisories
Source: EUVD
ID: EUVD-2025-10563
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato PowerPress Podcasting allows DOM-Based XSS. This issue affects PowerPress Podcasting: from n/a through 11.12.5.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato PowerPress Podcasting allows DOM-Based XSS.This issue affects PowerPress Podcasting: from n/a through 11.12.5.
  Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows DOM-Based XSS.This issue affects PowerPress Podcasting: from n/a through <= 11.12.5.
Title
  Values Removed: WordPress PowerPress Podcasting <= 11.12.5 - Cross Site Scripting (XSS) Vulnerability
  Values Added: WordPress PowerPress Podcasting plugin <= 11.12.5 - Cross Site Scripting (XSS) Vulnerability
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


Mon, 05 May 2025 17:15:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato PowerPress Podcasting allows DOM-Based XSS. This issue affects PowerPress Podcasting: from n/a through 11.12.4.
  Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato PowerPress Podcasting allows DOM-Based XSS.This issue affects PowerPress Podcasting: from n/a through 11.12.5.
Title
  Values Removed: WordPress PowerPress Podcasting <= 11.12.4 - Cross Site Scripting (XSS) Vulnerability
  Values Added: WordPress PowerPress Podcasting <= 11.12.5 - Cross Site Scripting (XSS) Vulnerability

Wed, 09 Apr 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 09 Apr 2025 16:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Angelo Mandato PowerPress Podcasting allows DOM-Based XSS. This issue affects PowerPress Podcasting: from n/a through 11.12.4.
Title WordPress PowerPress Podcasting <= 11.12.4 - Cross Site Scripting (XSS) Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:28.399Z

Reserved: 2025-04-09T11:21:30.217Z

Link: CVE-2025-32690

Vulnrichment

Updated: 2025-04-09T17:43:15.808Z

NVD

Status: Deferred

Published: 2025-04-09T17:15:53.010

Modified: 2026-04-23T15:29:21.367

Link: CVE-2025-32690

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T02:30:25Z

Weaknesses