• Resolved Ken Gagne

    (@kgagne)


    Patchstack is reporting a potential Server Side Request Forgery (SSRF) vulnerability in PowerPress Podcasting <= 11.13.2:

    This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information of other services running on the system.

    CVE-2025-49984
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support Mike Dell

    (@benzoid)

    Would be nice if Patchstack would let us know. We are looking into it as we just heard about it as well.

    Thread Starter Ken Gagne

    (@kgagne)

    Thanks!

    “Would be nice if Patchstack would let us know.”

    Based on their docs, it sounds like there’s a plugin for that!

    Plugin Support Mike Dell

    (@benzoid)

    They are supposed to reach out to the developer before publicly announcing bugs.

    Plugin Support Mike Dell

    (@benzoid)

    Patchstack hasn’t cleared the issue. 🙁 Sadly they are slow.

    Plugin Support Mike Dell

    (@benzoid)

    We fixed it as far as we know at this point. Patchstack has been very slow at communicating with us on what they are finding.

    I’m assured by my dev team that the bug they are reporting is fixed and even if it isn’t, it’s a very obscure and minor issue. Unfortunately, we are kind of at their mercy here 🙁

The topic ‘Patchstack SSRF vulnerability’ is closed to new replies.