Description Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter. Remediation References CVE-2018-20121 Related Vulnerabilities WordPress Plugin VikBooking Hotel Booking Engine & PMS Multiple Cross-Site Request Forgery Vulnerabilities (1.5.12) Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0792) WordPress Plugin Product Catalog Arbitrary File Upload (3.1.1) WordPress Plugin WP Dialog Cross-Site Scripting (1.2.5.5) WordPress Plugin WP Courses LMS Security Bypass (2.0.28) Severity Medium Classification CVE-2018-20121 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities