Skip to main content

Seriously Simple Podcasting

4 CVEs product

Monthly

CVE-2026-39505 MEDIUM This Month

Missing authorization in Craig Hewitt Seriously Simple Podcasting plugin allows unauthenticated attackers to read sensitive podcast information through incorrectly configured access controls. The vulnerability affects versions 3.14.2 and earlier of the WordPress plugin. CVSS 5.3 with 0.02% EPSS score indicates limited real-world exploitation likelihood despite the network-accessible attack vector. No public exploit code or active CISA KEV listing confirms this as a lower-priority authorization disclosure issue.

Authentication Bypass Seriously Simple Podcasting
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-9667 MEDIUM PATCH This Month

The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Seriously Simple Podcasting
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-3751 MEDIUM POC This Month

The Seriously Simple Podcasting WordPress plugin before 3.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Seriously Simple Podcasting
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-40132 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Seriously Simple Podcasting
NVD
CVSS 3.1
4.3
EPSS
0.3%
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing authorization in Craig Hewitt Seriously Simple Podcasting plugin allows unauthenticated attackers to read sensitive podcast information through incorrectly configured access controls. The vulnerability affects versions 3.14.2 and earlier of the WordPress plugin. CVSS 5.3 with 0.02% EPSS score indicates limited real-world exploitation likelihood despite the network-accessible attack vector. No public exploit code or active CISA KEV listing confirms this as a lower-priority authorization disclosure issue.

Authentication Bypass Seriously Simple Podcasting
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Seriously Simple Podcasting
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

The Seriously Simple Podcasting WordPress plugin before 3.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Seriously Simple Podcasting
NVD WPScan
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Seriously Simple Podcasting
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy