Podlove Subscribe button Security & Risk Analysis

wordpress.org/plugins/podlove-subscribe-button

Podlove Subscribe button allows your users to easily select a podcast feed and pass it along to their favorite podcast app.

2K active installs · v1.3.12 · PHP 5.3+ · WP 3.5.0+ · Updated Oct 12, 2025
Tags: button, feed, podcast, podlove, subscribe

Security score: 95 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Sep 22, 2025
Safety Verdict

Is Podlove Subscribe button Safe to Use in 2026?

Generally Safe

Score 95/100

Podlove Subscribe button has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEs · Last CVE: Sep 22, 2025 · Updated 5mo ago
Risk Assessment

The Podlove Subscribe Button plugin v1.3.12 presents a mixed security posture. It has a relatively small attack surface with no unprotected entry points, and a significant share of its SQL queries use prepared statements, but there are areas of concern. The presence of the `unserialize` function is a significant red flag: deserializing data that an attacker can influence can lead to Remote Code Execution (RCE) unless the input is strictly validated before it reaches that call. Additionally, only 51% of output is escaped, which suggests potential for Cross-Site Scripting (XSS) where user-supplied data is rendered without proper sanitization. The vulnerability history reveals a pattern of past security issues, including SQL Injection, XSS, and CSRF, with a high-severity vulnerability recorded as recently as September 2025. The fact that all past CVEs are currently patched is positive, but the recurring vulnerability classes and the historical presence of a high-severity flaw indicate a need for diligent security practices from the developers. Overall, while the immediate code analysis shows no critical active threats, the potential for issues from `unserialize` and the historical vulnerability patterns warrant caution.

Key Concerns

  • Dangerous function unserialize present
  • Output escaping is not fully implemented (51% escaped)
  • 1 High severity vulnerability in history
  • 3 Medium severity vulnerabilities in history
  • Taint analysis shows unsanitized paths
Vulnerabilities: 4

Podlove Subscribe button Security Vulnerabilities

CVEs by Year

  2023: 2 CVEs
  2024: 1 CVE
  2025: 1 CVE

Severity Breakdown

  High: 1
  Medium: 3

4 total CVEs

CVE-2025-58227 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Podlove Subscribe button <= 1.3.11 - Authenticated (Contributor+) Stored Cross-Site Scripting
Sep 22, 2025 · Patched in 1.3.12 (23d)

CVE-2024-1118 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Podlove Subscribe button <= 1.3.10 - Authenticated (Contributor+) SQL Injection
Feb 6, 2024 · Patched in 1.3.11 (1d)

CVE-2023-25479 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Podlove Subscribe button <= 1.3.7 - Authenticated (Administrator+) Stored Cross-Site Scripting
Feb 15, 2023 · Patched in 1.3.9 (342d)

CVE-2023-25481 · medium · 5.4 · Cross-Site Request Forgery (CSRF)
Podlove Subscribe button <= 1.3.7 - Cross-Site Request Forgery via save function
Feb 15, 2023 · Patched in 1.3.9 (342d)
Code Analysis
Analyzed Mar 16, 2026

Podlove Subscribe button Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 3 (10 prepared)
Unescaped Output: 44 (45 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `return unserialize($property);` at model\base.php:52

SQL Query Safety

77% prepared · 13 total queries

Output Escaping

51% escaped · 89 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths

  run_database_migrations (version.php:57)
Attack Surface

Podlove Subscribe button Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

  [podlove-subscribe-button] (podlove.php:65)

WordPress Hooks: 9

  action admin_menu (podlove.php:42)
  action network_admin_menu (podlove.php:44)
  action admin_init (podlove.php:46)
  action admin_init (podlove.php:50)
  action plugins_loaded (podlove.php:67)
  action admin_enqueue_scripts (podlove.php:77)
  action admin_init (version.php:45)
  action admin_init (version.php:46)
  action widgets_init (widget.php:152)
Maintenance & Trust

Podlove Subscribe button Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Oct 12, 2025
PHP min version: 5.3
Downloads: 61K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 2K
Developer Profile

Podlove Subscribe button Developer Profile

Alexander Lueken

1 plugin · 2K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 177 days
Detection Fingerprints

How We Detect Podlove Subscribe button

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  /wp-content/plugins/podlove-subscribe-button/style.css
  /wp-content/plugins/podlove-subscribe-button/js/admin.js
Script Paths
  /wp-content/plugins/podlove-subscribe-button/js/admin.js
Version Parameters
  podlove-subscribe-button/style.css?ver=
  podlove-subscribe-button-admin-tools?ver=

HTML / DOM Fingerprints

CSS Classes
  podlove-subscribe-button-container
Data Attributes
  data-podlove-subscribe-button-button
  data-podlove-subscribe-button-size
  data-podlove-subscribe-button-style
  data-podlove-subscribe-button-format
  data-podlove-subscribe-button-color
  data-podlove-subscribe-button-autowidth
  +1 more
JS Globals
  podlove_subscribe_button_default_size
  podlove_subscribe_button_default_autowidth
  podlove_subscribe_button_default_color
  podlove_subscribe_button_default_style
  podlove_subscribe_button_default_format
Shortcode Output
  [podlove-subscribe-button]
FAQ

Frequently Asked Questions about Podlove Subscribe button