Podlove Web Player allows malicious code injection

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Podlove Web Player allows malicious code injection

CVE-2026-24385

Summary

If an attacker sends a specially crafted file to the Podlove Web Player, they may be able to inject malicious code into the application. This could potentially allow them to access sensitive data or take control of the system. Update to the latest version of the Podlove Web Player (5.9.2 or later) to fix this issue.

Original title

Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through <= 5.9.1.

Original description

Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through <= 5.9.1.

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Plugin/podlove-web-player/vulnerabilit...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026