CVE-2025-1383
- Source
- https://cve.org/CVERecord?id=CVE-2025-1383
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-1383.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-1383
- Published
- 2025-03-06T12:15:35.937Z
- Modified
- 2025-11-16T12:30:45.483872Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajaxtranscriptdelete() function. This makes it possible for unauthenticated attackers to delete arbitrary episode transcripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- References
-
- https://plugins.trac.wordpress.org/browser/podlove-podcasting-plugin-for-wordpress/tags/4.2.0/lib/modules/transcripts/transcripts.php#L223
- https://wordpress.org/plugins/podlove-podcasting-plugin-for-wordpress/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/00a95ae7-3c58-4e5e-aaef-c04d1dacf27f?source=cve
- https://plugins.trac.wordpress.org/changeset/3246867/
Affected packages
Git / github.com/podlove/podlove-publisher
Affected ranges
- Type
- GIT
- Repo
- https://github.com/podlove/podlove-publisher
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.10.0-alpha
1.10.1-alpha
1.10.10-alpha
1.10.11-alpha
1.10.12-alpha
1.10.13-alpha
1.10.14-alpha
1.10.15-alpha
1.10.16-alpha
1.10.17-alpha
1.10.18-alpha
1.10.19-alpha
1.10.2-alpha
1.10.20-alpha
1.10.21-alpha
1.10.22-alpha
1.10.23-alpha
1.10.3-alpha
1.10.4-alpha
1.10.5-alpha
1.10.6-alpha
1.10.7-alpha
1.10.8-alpha
1.10.9-alpha
1.11-alpha
1.11.1-alpha
1.11.2-alpha
1.12-alpha
1.12.1-alpha
1.9.10-alpha
1.9.11-alpha
1.9.12-alpha
1.9.3-alpha
1.9.4-alpha
1.9.5-alpha
1.9.6-alpha
1.9.8-alpha
1.9.9-alpha
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.1.0
2.1.1
2.1.2
2.1.3
2.10.0
2.11.0
2.11.1
2.11.2
2.11.3
2.11.4
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.3.0
2.3.1
2.3.10
2.3.11
2.3.12
2.3.13
2.3.14
2.3.15
2.3.16
2.3.17
2.3.18
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.5.0
2.5.1
2.5.2
2.5.3
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.7.0
2.7.1
2.7.10
2.7.11
2.7.12
2.7.13
2.7.14
2.7.15
2.7.16
2.7.17
2.7.18
2.7.19
2.7.2
2.7.20
2.7.21
2.7.22
2.7.23
2.7.24
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8
2.7.9
2.8.0
2.8.1
2.8.10
2.8.2
2.8.3
2.8.4
2.8.5
2.8.6
2.8.7
2.8.8
2.8.9
2.9.0
2.9.1
2.9.10
2.9.2
2.9.3
2.9.4
2.9.5
2.9.6
2.9.8
2.9.9
3.*
3.0-beta20
3.0-beta21
3.0-beta22
3.0-beta23
3.0-beta24
3.0-beta25
3.0-beta26
3.0.0
3.0.1
3.0.2
3.0.4
3.1-beta1
3.1-beta2
3.1-beta3
3.1-beta4
3.1.0
3.1.1
3.1.1-beta1
3.1.1-beta2
3.1.1-beta3
3.1.1-beta4
3.1.1-beta5
3.1.1-beta6
3.1.1-beta7
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.15
3.1.16
3.1.17
3.1.18
3.1.2
3.1.3
3.1.4
3.1.6
3.1.7
3.1.8
3.1.9
3.2.0
3.2.0-beta1
3.2.0-beta2
3.2.0-beta3
3.2.0-beta4
3.2.0-beta5
3.2.0-beta6
3.2.1
3.2.2
3.2.2-beta1
3.2.2-beta10
3.3.0
3.3.1
3.3.1-beta1
3.3.1-beta2
3.3.1-beta3
3.3.2
3.4.0
3.4.0-beta2
3.4.0-beta3
3.4.1
3.4.2-beta1
3.4.2-beta2
3.5.0
3.5.0-beta1
3.5.0-beta2
3.5.0-beta3
3.5.0-beta4
3.5.0-beta5
3.5.0-beta6
3.5.0-beta7
3.5.0-beta8
3.5.0-beta9
3.5.1
3.5.2
3.5.2-beta1
3.5.3
3.5.4
3.5.4-beta1
3.5.5
3.5.5-beta1
3.5.5-beta2
3.5.5-beta3
3.5.5-beta4
3.5.5-beta5
3.5.5-beta6
3.5.6
3.6.0
3.6.0-beta1
3.6.0-beta2
3.6.0-beta3
3.6.0-beta4
3.6.1
3.6.1-beta1
3.7.0
3.7.0-beta1
3.7.0-beta2
3.7.0-beta3
3.7.0-beta4
3.7.0-beta5
3.7.0-beta6
3.7.0-beta7
3.7.1
3.7.2
3.8.0
3.8.0-beta1
3.8.0-beta2
3.8.0-beta3
3.8.0-beta4
3.8.0-beta5
3.8.1
3.8.1-beta1
3.8.1-beta2
3.8.10
3.8.11
3.8.12
3.8.2
3.8.3
3.8.4
3.8.5
3.8.6
3.8.7
3.8.8
3.8.9
3.9.0-beta1
3.9.0-beta10
3.9.0-beta11
3.9.0-beta2
3.9.0-beta3
3.9.0-beta4
3.9.0-beta5
3.9.0-beta6
3.9.0-beta7
3.9.0-beta8
3.9.0-beta9
4.*
4.0.0
4.0.0-beta1
4.0.0-beta10
4.0.0-beta11
4.0.0-beta12
4.0.0-beta13
4.0.0-beta14
4.0.0-beta15
4.0.0-beta16
4.0.0-beta17
4.0.0-beta18
4.0.0-beta19
4.0.0-beta2
4.0.0-beta3
4.0.0-beta4
4.0.0-beta5
4.0.0-beta6
4.0.0-beta7
4.0.0-beta8
4.0.0-beta9
4.0.1
4.0.10
4.0.11
4.0.11-beta1
4.0.12
4.0.13
4.0.14
4.0.15
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.9-beta
4.1.0
4.1.1
4.1.10
4.1.11
4.1.12
4.1.13
4.1.14
4.1.15
4.1.16
4.1.17
4.1.18
4.1.19
4.1.2
4.1.20
4.1.21
4.1.22
4.1.23
4.1.24
4.1.25
4.1.3
4.1.4
4.1.5
4.1.6
4.1.7
4.1.8
4.1.9
4.2.0
4.2.0-beta2
4.2.0-beta3
4.2.0-beta4
4.2.0-beta5
4.2.0-beta6
4.2.0-beta7
4.2.0-beta8
4.2.1
4.2.2
b3.*
b3.0-beta4
Other
refs/heads/shownotes-module
v3.*
v3.0-beta1
v3.0-beta10
v3.0-beta11
v3.0-beta12
v3.0-beta13
v3.0-beta14
v3.0-beta15
v3.0-beta16
v3.0-beta17
v3.0-beta18
v3.0-beta19
v3.0-beta2
v3.0-beta3
v3.0-beta4
v3.0-beta5
v3.0-beta6
v3.0-beta7
v3.0-beta8
v3.0-beta9