PatchSiren

blubrry CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM blubrry CVE published 2026-06-18

CVE-2026-12098

The PowerPress Podcasting plugin by Blubrry for WordPress has a Stored Cross-Site Scripting vulnerability via the 'embed' Episode Meta Field. This vulnerability affects all versions up to, and including, 11.16.8. The vulnerability allows authenticated attackers with author-level access and above to inject arbitrary web scripts. The scripts will execute when a user accesses an injected page. The embed valu [truncated]