CVE-2024-32139

HIGH

Podlove Podcast Publisher <4.0.12 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-32139. PoCs published by certuscyber.

AI-analyzed exploit summary The repository contains functional exploit code for multiple WordPress plugin vulnerabilities, including SQL injection (CVE-2014-5182, CVE-2014-5185) and insecure deserialization (CVE-2020-29045). The PoCs include authentication, payload delivery, and data exfiltration logic.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Publisher: from n/a through 4.0.12.

Exploits (1)

github WORKING POC 3 stars
by certuscyber · pythonpoc
https://github.com/certuscyber/cve-pocs/tree/main/CVE-2024-32139

The repository contains functional exploit code for multiple WordPress plugin vulnerabilities, including SQL injection (CVE-2014-5182, CVE-2014-5185) and insecure deserialization (CVE-2020-29045). The PoCs include authentication, payload delivery, and data exfiltration logic.

Classification
Working Poc 100%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: WordPress YAWPP plugin <= 1.2, WordPress Quartz plugin <= 1.01.1
Auth required
Prerequisites: WordPress admin/contributor credentials · Target plugin installed and activated
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 8.5
EPSS 0.0096
EPSS Percentile 57.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
Podlove/Podlove Podcast Publisher < 4.0.12
podlove/podlove_podcast_publisher < 4.0.12
Published Apr 15, 2024
Tracked Since Feb 18, 2026