CVE-2024-13729

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-13729

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-13729.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-13729

Published

2025-05-15T20:15:39.910Z

Modified

2026-04-10T05:07:27.797617Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The Podlove Podcast Publisher WordPress plugin before 4.1.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

References

https://wpscan.com/vulnerability/2feed26b-ef02-4954-ab9d-8b0f958b0ef1/

Affected packages

Git / github.com/podlove/podlove-publisher

Affected ranges

Type

GIT

Repo

https://github.com/podlove/podlove-publisher

Events

Introduced

Fixed

4d2dc36dc016bfaac094f30c9eae3b5f8e48b944

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.1.24"
        }
    ]
}

Affected versions

1.*

1.10.10-alpha

1.10.11-alpha

1.10.14-alpha

1.10.15-alpha

1.10.16-alpha

1.10.17-alpha

1.10.18-alpha

1.10.19-alpha

1.10.20-alpha

1.10.21-alpha

1.10.22-alpha

1.10.23-alpha

1.10.3-alpha

1.10.4-alpha

1.10.5-alpha

1.10.6-alpha

1.10.7-alpha

1.10.8-alpha

1.10.9-alpha

1.11-alpha

1.11.1-alpha

1.11.2-alpha

1.9.10-alpha

1.9.11-alpha

1.9.12-alpha

1.9.3-alpha

1.9.4-alpha

1.9.5-alpha

1.9.6-alpha

1.9.8-alpha

1.9.9-alpha

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.1.0

2.1.1

2.1.2

2.1.3

2.10.0

2.11.0

2.11.1

2.11.2

2.11.3

2.11.4

2.2.0

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.4.0

2.5.0

2.6.0

2.6.1

2.6.2

2.6.3

2.6.4

2.7.0

2.8.0

2.8.1

2.8.10

2.8.2

2.8.3

2.8.4

2.8.5

2.8.6

2.8.7

2.8.8

2.8.9

2.9.0

2.9.1

2.9.10

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.8

2.9.9

3.*

3.0.0

3.0.1

3.0.2

3.0.4

3.1-beta1

3.1-beta2

3.1-beta3

3.1-beta4

3.1.1

3.1.1-beta1

3.1.1-beta2

3.1.1-beta3

3.1.1-beta4

3.1.1-beta5

3.1.1-beta6

3.1.1-beta7

3.1.10

3.1.11

3.1.12

3.1.13

3.1.14

3.1.15

3.1.16

3.1.17

3.1.18

3.1.2

3.1.3

3.1.4

3.1.6

3.1.7

3.1.8

3.1.9

3.2.0

3.2.0-beta1

3.2.0-beta2

3.2.0-beta3

3.2.0-beta4

3.2.0-beta5

3.2.1

3.2.2

3.3.0

3.3.1

3.3.2

3.4.0

3.4.1

3.4.2-beta1

3.4.2-beta2

3.5.0

3.5.1

3.5.2

3.5.3

3.5.4

3.5.5

3.5.6

3.6.0

3.6.1

3.8.0

3.8.0-beta1

3.8.0-beta2

3.8.0-beta3

3.8.0-beta4

3.8.0-beta5

3.8.1

3.8.1-beta1

3.8.1-beta2

3.8.10

3.8.11

3.8.12

3.8.2

3.8.3

3.8.4

3.8.5

3.8.6

3.8.7

3.8.8

3.8.9

4.*

4.0.0

4.0.1

4.0.10

4.0.11

4.0.12

4.0.13

4.0.14

4.0.15

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.1.0

4.1.1

4.1.10

4.1.11

4.1.12

4.1.13

4.1.14

4.1.15

4.1.16

4.1.17

4.1.18

4.1.19

4.1.2

4.1.20

4.1.21

4.1.22

4.1.23

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.1.8

4.1.9

Other

refs/heads/shownotes-module

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-13729.json"