CVE-2014-4544

MEDIUM NUCLEI

WordPress Podcast Channels <0.20 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php.

Nuclei Templates (1)

Podcast Channels < 0.28 - Cross-Site Scripting

MEDIUMby daffainfo

References (1)

[Third Party Advisory] http://codevigilant.com/disclosure/wp-plugin-podcast-channels-a3-cross-site-scripting-xss

Scores

CVSS v3 6.1

EPSS 0.0258

EPSS Percentile 85.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

podcast_channels_project/podcast_channels < 0.20

Published Dec 27, 2019

Tracked Since Feb 18, 2026