Castos Seriously Simple Podcasting vulnerable to Reflected XSS
CVE-2024-25599
7.1 HIGH
What is CVE-2024-25599?
Castos Seriously Simple Podcasting contains a Reflected Cross-Site Scripting (XSS) vulnerability affecting web pages generated by the plugin. The flaw enables attackers to inject malicious scripts into content viewed by users. If exploited, it could lead to unauthorized actions being executed in the context of the user's session, putting sensitive data and user privacy at risk. Affected versions range from an unspecified version up to 3.0.2, so users should check their installations and apply the necessary updates to mitigate this risk.
Affected Version(s)
Seriously Simple Podcasting 0 <= 3.0.2