PatchSiren cyber security CVE debrief
CVE-2026-24637 Blubrry Podcasting CVE debrief
CVE-2026-24637 is a HIGH severity vulnerability (CVSS score: 8.5) affecting PowerPress Podcasting plugin versions <= 11.15.10. The CVE was published and publicly disclosed on 2026-06-15 and last modified the same day. The vulnerability allows SQL injection by a Contributor-level user, potentially enabling attackers to extract or modify sensitive data. Its Common Weakness Enumeration (CWE) classification is CWE-89.
- Vendor: Blubrry Podcasting
- Product: PowerPress Podcasting
- CVSS: HIGH 8.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of PowerPress Podcasting plugin versions <= 11.15.10 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by a SQL injection weakness in the PowerPress Podcasting plugin. This weakness allows a Contributor-level user to inject malicious SQL code, potentially leading to unauthorized data access or modification.
Defensive priority
HIGH
Recommended defensive actions
- Update PowerPress Podcasting plugin to a version greater than 11.15.10.
- Restrict user privileges to prevent Contributor-level users from injecting malicious SQL code.
- Monitor plugin and database logs for suspicious activity.
Evidence notes
Evidence for this vulnerability comes from Patchstack (see [ref-4]).
Official resources
- CVE-2026-24637 CVE record (CVE.org)
- CVE-2026-24637 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-24637 was publicly disclosed on 2026-06-15T21:16:40.163Z and last modified on 2026-06-15T21:24:32.790Z.