MEDIUM
blubrry
CVE published 2026-06-18
CVE-2026-12098
The PowerPress Podcasting plugin by Blubrry for WordPress has a Stored Cross-Site Scripting vulnerability via the 'embed' Episode Meta Field. This vulnerability affects all versions up to, and including, 11.16.8. The vulnerability allows authenticated attackers with author-level access and above to inject arbitrary web scripts. The scripts will execute when a user accesses an injected page. The embed valu [truncated]