{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-0554", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-01-17T17:19:12.656Z", "datePublished": "2025-01-18T05:33:48.811Z", "dateUpdated": "2026-04-08T16:46:49.147Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:49.147Z"}, "affected": [{"vendor": "eteubert", "product": "Podlove Podcast Publisher", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.1.25", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}], "title": "Podlove Podcast Publisher <= 4.1.25 - Authenticated (Admin+) Stored Cross-Site Scripting via Feed Name", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39d41772-49f3-4bce-a170-cbe64ba99184?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3217075%40podlove-podcasting-plugin-for-wordpress&new=3217075%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "baseScore": 4.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jon Cagan"}, {"lang": "en", "type": "finder", "value": "VigilAInce Seeker"}], "timeline": [{"time": "2025-01-17T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-22T14:20:11.210598Z", "id": "CVE-2025-0554", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-22T14:20:16.492Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0554", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-22T14:20:11.210598Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-22T14:20:06.163Z"}}], "cna": {"title": "Podlove Podcast Publisher <= 4.1.25 - Authenticated (Admin+) Stored Cross-Site Scripting via Feed Name", "credits": [{"lang": "en", "type": "finder", "value": "Jon Cagan"}, {"lang": "en", "type": "finder", "value": "VigilAInce Seeker"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "eteubert", "product": "Podlove Podcast Publisher", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.1.25"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-01-17T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39d41772-49f3-4bce-a170-cbe64ba99184?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3217075%40podlove-podcasting-plugin-for-wordpress&new=3217075%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:49.147Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0554", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:46:49.147Z", "dateReserved": "2025-01-17T17:19:12.656Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-01-18T05:33:48.811Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:podlove:podlove_podcast_publisher:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D7088445-3ACD-47FD-8A4A-88126ABB1C37", "versionEndExcluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}, {"lang": "es", "value": "El complemento Podlove Podcast Publisher para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del valor del nombre del feed en la versi\u00f3n &lt;= 4.1.25 debido a una cantidad insuficiente de desinfecci\u00f3n de entrada y de escape de salida. Esto permite que atacantes autenticados, con acceso de nivel de administrador, inyecten Scripts web arbitraria en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a instalaciones multisitio e instalaciones donde se ha deshabilitado unfiltered_html."}], "id": "CVE-2025-0554", "lastModified": "2025-03-19T19:53:31.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-01-18T06:15:28.160", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3217075%40podlove-podcasting-plugin-for-wordpress&new=3217075%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39d41772-49f3-4bce-a170-cbe64ba99184?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T13:33:09.536480+00:00", "value": {"mitigation_remediation": ["Upgrade Podlove Podcast Publisher to version 4.1.26 or later to apply the vendor\u2019s fix.", "Review and sanitize existing Feed Names that may contain injected scripts, removing any embedded code.", "Restrict the unfiltered_html capability to trusted administrators only, disabling it for lower\u2011privilege users to prevent accidental malicious injections."], "summary": {"action": "Apply Patch", "impact": "Stored Cross\u2011Site Scripting that lets an administrator inject scripts that will execute automatically in any user\u2019s browser when the page is viewed"}, "threat_synthesis": {"affected_systems": "The flaw affects installations of Podlove Podcast Publisher version 4.1.25 or earlier on WordPress. It only manifests on multi\u2011site setups where the unfiltered_html capability is disabled. The affected vendor is eteubert and the product is Podlove Podcast Publisher.", "description_and_impact": "The vulnerability stems from insufficient sanitization of the Feed Name field in Podlove Podcast Publisher. Attackers with administrator privileges can store malicious JavaScript in this field, which is then rendered without escaping. When a user opens the affected page, the browser executes the embedded script, enabling theft of session data or other malicious actions. This is a Stored Cross\u2011Site Scripting flaw classified as CWE\u201179.", "risk_and_exploitability": "The CVSS score of 4.4 indicates moderate severity, while the EPSS score of less than 1% shows a very low exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog. Because the attacker must be an administrator and the attack occurs when a user views the injected content, the vector is local with potential impact on all site visitors who render the page."}}}}, "created": "2026-04-22T13:45:18.285493+00:00", "updated": "2026-04-22T13:45:18.285509+00:00", "vendors": []}