Sensitive Data Exposure in Seriously Simple Podcasting by Craig Hewitt
CVE-2025-66059

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Seriously Simple Podcasting
Vendor: CVE Published:; 21 November 2025

What is CVE-2025-66059?

A vulnerability in the Seriously Simple Podcasting plugin enables unauthorized users to access and retrieve embedded sensitive data. This flaw poses a risk by exposing critical information that should remain secure, impacting the confidentiality of users' data. The affected versions range up to 3.13.0, underscoring the importance of updating to safeguard against potential exploitation.

Affected Version(s)

Seriously Simple Podcasting <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/seri...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2025
Vulnerability Reserved
Nov 21, 2025

Credit

daroo | Patchstack Bug Bounty Program

JSON

WordPress

What is CVE-2025-66059?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit