CVE-2025-1383
Podlove Podcast Publisher <= 4.2.2 - Cross-Site Request Forgery via ajax_transcript_delete FunctionThe Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_delete() function. This makes it possible for unauthenticated attackers to delete arbitrary episode transcripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
We have discovered 2,358 live websites that are affected by CVE-2025-1383.
Affected Software
| Product |  Podlove Podcasting Plugin For Wordpress |
| Category | Wordpress Plugins |
| Vulnerable Domains | 2,358 live websites (89.83% of Podlove Podcasting Plugin For Wordpress install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 105 versions ( 99.06% of all versions) |
Common Weakness Enumeration
CWE-352 Cross-Site Request Forgery (CSRF)Details
- Published - Mar 6, 2025
- Updated - Mar 6, 2025
Credits
- Abbas Mamoun (finder)
CWE
CVE References
CWE References
CVE-2025-1383 usage by Country
 United States | 281 websites |
 Germany | 1,702 websites |
 Austria | 47 websites |
 France | 45 websites |
 Switzerland | 37 websites |
 Denmark | 30 websites |
 GB | 23 websites |
 Russia | 21 websites |
 Netherlands | 14 websites |
CVE-2025-1383 usage by TLD
| .de | 1,237 websites |
| .com | 423 websites |
| .org | 120 websites |
| .net | 96 websites |
| .eu | 46 websites |
| .at | 43 websites |
| .ch | 30 websites |
| .info | 30 websites |
| .nl | 19 websites |
| .co.uk | 18 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-1383
Top websites that are affected by CVE-2025-1383. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****************.de | Germany | **,*** | |
| *******.de | Germany | ***,*** | |
| ***.de | Germany | ***,*** | |
| ***********.com | United States | ***,*** | |
| *****************.com | United States | ***,*** | |
| **************************.de | Germany | ***,*** | |
| ***.de | Germany | ***,*** | |
| *******.de | Germany | ***,*** | |
| ************.com | United States | ***,*** | |
| *******.de | Germany | ***,*** |
FAQ
CVE-2025-1383 is Cross-Site Request Forgery (CSRF) in Podlove Podcasting Plugin For Wordpress
A total of 2,358 websites have been identified as vulnerable to CVE-2025-1383, discovered through global website indexing conducted by WebTechSurvey.
Podlove Podcasting Plugin For Wordpress is susceptible to CVE-2025-1383 vulnerability.
Podlove Podcasting Plugin For Wordpress versions before, and including, 4.2.2 are vulnerable to CVE-2025-1383.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/00a95ae7-3c58-4e5e-aaef-c04d1dacf27f?source=cve
- https://plugins.trac.wordpress.org/browser/podlove-podcasting-plugin-for-wordpress/tags/4.2.0/lib/modules/transcripts/transcripts.php#L223
- https://wordpress.org/plugins/podlove-podcasting-plugin-for-wordpress/#developers
- https://plugins.trac.wordpress.org/changeset/3246867/