Cross-Site Scripting Vulnerability in Seriously Simple Podcasting by Craig Hewitt
CVE-2025-49923

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Seriously Simple Podcasting
Vendor: CVE Published:; 22 October 2025

What is CVE-2025-49923?

The Seriously Simple Podcasting plugin, developed by Craig Hewitt, is susceptible to a Cross-Site Scripting (XSS) vulnerability due to improper neutralization of input during web page generation. This security flaw allows an attacker to inject malicious scripts that can execute within the user's browser context. Affected versions include all versions up to and including 3.11.1, highlighting the importance of updating to the latest release to mitigate potential exploits.

Affected Version(s)

Seriously Simple Podcasting <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/seri...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 22, 2025
Vulnerability Reserved
Jun 11, 2025

Credit

63n0 (Patchstack Alliance)

JSON