PowerPress Podcasting: Untrusted Data Causes Unwanted Code to Run

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

PowerPress Podcasting: Untrusted Data Causes Unwanted Code to Run

CVE-2026-23798

Summary

The PowerPress Podcasting plugin allows attackers to inject malicious code if they send specially crafted data to the plugin. This means that an attacker could potentially take control of the plugin or access sensitive information. To fix this issue, update to the latest version of PowerPress Podcasting.

Original title

Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through <= 11.15.10.

Original description

Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through <= 11.15.10.

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Plugin/powerpress/vulnerability/wordpr...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026