CVE-2026-32351
WordPress PowerPress Podcasting plugin <= 11.15.13 - Cross Site Scripting (XSS) vulnerabilityImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in blubrry PowerPress Podcasting powerpress allows Stored XSS.This issue affects PowerPress Podcasting: from n/a through <= 11.15.13.
We have discovered 622 live websites that are affected by CVE-2026-32351.
Affected Software
| Product |  Powerpress |
| Category | Wordpress Plugins |
| Vulnerable Domains | 622 live websites (50% of Powerpress install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 82 versions ( 95% of all versions) |
Details
- Published - Mar 13, 2026
- Updated - Apr 1, 2026
Credits
- Jitlada | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2026-32351 United States | 431 websites |
 Germany | 37 websites |
 Brazil | 22 websites |
 France | 14 websites |
 Canada | 11 websites |
 Netherlands | 10 websites |
 GB | 9 websites |
 Japan | 7 websites |
 Poland | 7 websites |
Website Distribution by TLD
Number of websites using CVE-2026-32351| .com | 410 websites |
| .org | 48 websites |
| .net | 25 websites |
| .com.br | 20 websites |
| .de | 12 websites |
| .ca | 8 websites |
| .fr | 7 websites |
| .pl | 7 websites |
| .se | 5 websites |
| .nl | 5 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-32351
Top websites that are affected by CVE-2026-32351. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.com | United States | ***,*** | |
| ***************.com | United States | ***,*** | |
| ***************.org | Netherlands | ***,*** | |
| **********.com | United States | ***,*** | |
| ************.com | United States | ***,*** | |
| *********.com | United States | ***,*** | |
| ***********.co | United States | ***,*** | |
| ********************.com | United States | ***,*** | |
| *******.com | United States | ***,*** | |
| *********************.com | United States | ***,*** |
FAQ
A total of 622 websites have been identified as vulnerable to CVE-2026-32351, based on global website indexing conducted by WebTechSurvey.
The Powerpress is affected by the CVE-2026-32351 vulnerability.
Powerpress versions up to and including 11.15.13 are vulnerable to CVE-2026-32351.