Impact
A SQL injection flaw exists in the PowerPress Podcasting WordPress plugin when installed in versions 11.15.10 or earlier. The vulnerability allows an attacker to supply crafted input that is not properly sanitized, enabling the execution of arbitrary SQL statements. This could allow the attacker to read, modify, or delete data stored in the WordPress database, potentially exposing sensitive information, corrupting content, or creating privileged accounts.
Affected Systems
WordPress sites running the Blubrry Podcasting PowerPress plugin version 11.15.10 or older are affected. The vendor’s advisory recommends updating to version 11.15.11 or later, which contains the necessary input‑validation fixes.
Risk and Exploitability
The issue carries a CVSS score of 8.5, indicating high severity, but the EPSS score is below 1%, suggesting a low likelihood of active exploitation at present. It is not listed in the CISA KEV catalog. The likely attack vector involves a web-based form or configuration interface processed by the plugin; an attacker would need access to submit the malicious payload. Although exploitation requires a vulnerable plugin instance, the potential impact on data confidentiality and integrity is substantial if successful.
OpenCVE Enrichment