PowerPress Podcasting plugin by Blubrry

Vulnerabilities 28Slug powerpressLatest version 11.16.5WordPress.org →

Minimum safe version

11.15.16

Update to 11.15.16 or later to address 28 fixable vulnerabilities

Latest available11.16.5
N/A
2026-04-07< 11.15.16

Blubrry PowerPress <= 11.15.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via powerpress and podcast Shortcodes

WordfenceCVE
Medium 5.9
2026-03-13< 11.15.14

CVE-2026-32351

CVEWordfence
Medium 4.8
2025-05-15< 11.9.18

PowerPress Podcasting <= 11.9.17 - Authenticated (Author+) Stored Cross-Site Scripting

EUVDWordfenceCVE
Medium 5.9
2025-04-14< 11.9.18

PowerPress Podcasting <= 11.9.17 - Authenticated (Author+) Stored Cross-Site Scripting

EUVDWordfenceCVE
Critical 10.0
2024-06-28< 11.9.5

WordPress PowerPress Podcasting Plugin 11.9.3–11.9.4 is vulnerable to Backdoor

PatchstackCVE
Medium 5.4
2023-10-17< 11.0.12

WordPress PowerPress Podcasting Plugin < 11.0.12 is vulnerable to Cross Site Scripting (XSS)

PatchstackCVEWPScan
N/A
2023-09-15< 11.0.11

WordPress PowerPress Podcasting Plugin < 11.0.11 is vulnerable to Cross Site Scripting (XSS)

Patchstack
N/A
2023-09-13< 11.0.11

PowerPress <= 11.0.11 - Authenticated(Contributor+) Stored Cross-Site Scripting via Media URL

Wordfence
N/A
2023-06-06< 10.2.4

PowerPress <= 10.2.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Feed[title]'

Wordfence
N/A
2023-06-07< 10.2.4

WordPress PowerPress Podcasting Plugin <= 10.2.3 is vulnerable to Cross Site Scripting (XSS)

Patchstack
N/A
2015-09-14< 6.0.5

WordPress Blubrry PowerPress Podcasting Plugin <= 6.0.4 - XSS

Patchstack
N/A
2020-10-11< 8.3.8

WordPress PowerPress Podcasting plugin <= 8.3.7 - Authenticated Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability

Patchstack
N/A
2021-05-14< 8.6.2

WordPress PowerPress Podcasting plugin <= 8.6.1 - Multiple Authenticated Cross-Site Scripting (XSS) vulnerabilities

Patchstack