The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPodlove Podcast Publisher
APPPodlove< 3.5.6
Related vulnerabilities
RCE przez deserializację niezaufanych danych w Podlove Podcast Publisher
CSRF umożliwiający zdalne wykonanie kodu w Podlove Podcast Publisher
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the inser...
Missing Authorization vulnerability in Podlove Podlove Podcast Publisher.This issue affects Podlove Podcast Pu...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Podlove ...