Castos

Seriously Simple Podcasting

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-66059

  • EPSS 0.04%
  • Veröffentlicht 21.11.2025 12:29:54
  • Zuletzt bearbeitet 20.01.2026 15:19:00

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: f...

5.3

CVE-2025-66060

  • EPSS 0.04%
  • Veröffentlicht 21.11.2025 12:29:54
  • Zuletzt bearbeitet 20.01.2026 15:19:00

Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3....

4.3

CVE-2025-66061

  • EPSS 0.02%
  • Veröffentlicht 21.11.2025 12:29:54
  • Zuletzt bearbeitet 20.01.2026 15:19:01

Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.

4.3

CVE-2025-62882

  • EPSS 0.05%
  • Veröffentlicht 27.10.2025 01:33:43
  • Zuletzt bearbeitet 20.01.2026 15:18:00

Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3....

6.1

CVE-2025-49923

  • EPSS 0.05%
  • Veröffentlicht 22.10.2025 14:32:13
  • Zuletzt bearbeitet 20.01.2026 15:16:41

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows DOM-Based XSS.This issue affects Seriously Simple Podcasting: from n/a t...

4.8

CVE-2025-46261

  • EPSS 0.15%
  • Veröffentlicht 24.04.2025 16:15:34
  • Zuletzt bearbeitet 09.12.2025 18:42:47

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting allows Stored XSS. This issue affects Seriously Simple Podcasting: from n/a through 3.9.0.

6.1

CVE-2024-9667

  • EPSS 1.91%
  • Veröffentlicht 05.11.2024 09:15:05
  • Zuletzt bearbeitet 08.11.2024 15:27:25

The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.0. This makes it possible for unaut...

4.8

CVE-2024-3751

Exploit
  • EPSS 0.36%
  • Veröffentlicht 13.07.2024 06:15:02
  • Zuletzt bearbeitet 13.05.2025 14:05:56

The Seriously Simple Podcasting WordPress plugin before 3.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabil...

6.1

CVE-2024-25599

  • EPSS 0.25%
  • Veröffentlicht 28.03.2024 07:15:54
  • Zuletzt bearbeitet 05.12.2025 18:05:41

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Castos Seriously Simple Podcasting allows Reflected XSS.This issue affects Seriously Simple Podcasting: from n/a through 3.0.2.

5.3

CVE-2023-6444

Exploit
  • EPSS 64.17%
  • Veröffentlicht 11.03.2024 18:15:17
  • Zuletzt bearbeitet 01.05.2025 00:09:05

The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.