Threat Entry Updated 2024-11-08

CVE-2024-9667 - Seriously Simple Podcasting Plugin

The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Seriously Simple Podcasting

CVE-2024-9667

MEDIUM CVSS 6.1 2024-11-05

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-05-13

CVE-2024-3751 - Seriously Simple Podcasting Plugin

The Seriously Simple Podcasting WordPress plugin before 3.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

PLUGIN Seriously Simple Podcasting

CVE-2024-3751

MEDIUM CVSS 4.8 2024-07-13

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-05-01

CVE-2023-6444 - Seriously Simple Podcasting Plugin

The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.

PLUGIN Seriously Simple Podcasting

CVE-2023-6444

MEDIUM CVSS 5.3 2024-03-11

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-40132 - Seriously Simple Podcasting Plugin

Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin

PLUGIN Seriously Simple Podcasting

CVE-2022-40132

MEDIUM CVSS 5.4 2022-09-23

Risk Score

Open Full Technical Breakdown