CVE-2026-32448
Received Received - Intake
Stored XSS in Podlove Podcast Publisher Plugin

Publication date: 2026-03-13

Last updated on: 2026-03-13

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.This issue affects Podlove Podcast Publisher: from n/a through <= 4.3.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-03-13
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32448
EUVD
EUVD-2026-11995
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
eric_teubert podlove_podcast_publisher to 4.3.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-32448 is a Cross Site Scripting (XSS) vulnerability in the WordPress Podlove Podcast Publisher Plugin versions up to and including 4.3.3.

This vulnerability allows a malicious actor to inject and execute malicious scriptsβ€”such as redirects, advertisements, or other HTML payloadsβ€”on websites using the affected plugin.

Exploitation requires user interaction by a privileged user with at least Contributor or Developer roles, who must perform an action like clicking a malicious link, visiting a crafted page, or submitting a form.

Impact Analysis

The vulnerability can lead to the execution of malicious scripts on your website, which may cause unwanted redirects, display of unauthorized advertisements, or other harmful HTML payloads.

Because exploitation requires interaction by a privileged user, the impact is somewhat limited but can still compromise the integrity and security of your website.

The CVSS score of 6.5 indicates moderate severity, meaning it is a significant risk but not critical.

Compliance Impact

I don't know

Detection Guidance

This vulnerability is a Stored Cross Site Scripting (XSS) issue in the Podlove Podcast Publisher WordPress plugin up to version 4.3.3. Detection typically involves identifying malicious script injections in web pages generated by the plugin.

Since exploitation requires a privileged user interaction (Contributor or Developer roles), monitoring logs for suspicious user actions such as unexpected form submissions, clicks on unusual links, or visits to crafted pages can help detect attempts.

Specific commands are not provided in the available resources, but general approaches include:

  • Reviewing web server logs for unusual POST requests or URL parameters related to the plugin.
  • Using web vulnerability scanners that support detection of stored XSS vulnerabilities on WordPress plugins.
  • Manually inspecting input fields and stored content generated by the plugin for injected scripts.
Mitigation Strategies

The primary and immediate mitigation step is to update the Podlove Podcast Publisher plugin to version 4.3.4 or later, where the vulnerability has been patched.

Additionally, limiting privileged user interactions and educating users with Contributor or Developer roles to avoid clicking suspicious links or submitting untrusted forms can reduce exploitation risk.

Using automated update tools like Patchstack can help rapidly deploy the patch and mitigate the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32448. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart