Castos Seriously Simple Podcasting vulnerable to Reflected XSS
CVE-2024-25599

7.1HIGH

Key Information:

Vendor: Castos
Status: Seriously Simple Podcasting
Vendor: CVE Published:; 28 March 2024

What is CVE-2024-25599?

The vulnerability in Castos Seriously Simple Podcasting allows for Reflected Cross-Site Scripting (XSS) attacks, jeopardizing the security of web pages generated by the plugin. This flaw enables attackers to inject malicious scripts into content viewed by users. If exploited, this could lead to unauthorized actions being executed in the context of the user’s session, risking sensitive data and user privacy. Affected versions range from an unspecified version up to 3.0.2, making it essential for users to assess their installations and apply necessary updates to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Seriously Simple Podcasting <= 3.0.2

References

https://patchstack.com/database/vulnerability/seriously-s...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 28, 2024
Vulnerability Reserved
Feb 8, 2024

Credit

Rafie Muhammad (Patchstack)

JSON

Castos