What the vulnerability does
01Description
Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions.
Explanation of Vulnerability in Simple Terms
PowerPress Podcasting contains a SQL injection vulnerability in its database query handling. An attacker with low-level site access can craft malicious input to read sensitive data from the database, including user information and site configuration. The vulnerability also allows limited disruption of site availability. Update to a version newer than 11.15.10.
What an attacker can do
Read sensitive data from the site database, including user records and configuration.
Potential impact on your site
User data and site configuration exposed; potential site instability or downtime.
Conditions required to exploit
Attacker must have a low-privilege account on the site (subscriber or contributor level).
Key dates
External resources
Related vulnerabilities