CVE-2023-4820

Name of the Vulnerable Software and Affected Versions PowerPress Podcasting plugin by Blubrry WordPress plugin versions prior to 11.0.12

Description The issue concerns the PowerPress Podcasting plugin by Blubrry WordPress plugin, where it does not properly sanitize and escape the media URL field in posts. This could allow users with privileges as low as contributor to inject arbitrary web scripts, potentially targeting a site admin or superadmin.

Recommendations For versions prior to 11.0.12, update to version 11.0.12 or later to resolve the issue. As a temporary workaround, consider restricting the ability of contributors to edit posts or limiting their access to the media URL field until the update is applied.