CVE-2025-62882 — Missing Authorization in Seriously Simple Podcasting

CWE-862 — Missing Authorization3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 90.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Castos Seriously Simple Podcasting Craig Hewitt Seriously Simple Podcasting

Timeline

PublishedOct 27

Description

Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5craig_hewitt/seriously_simple_podcasting3.13.0

▶NVDcastos/seriously_simple_podcasting< 3.14.0

🔴Vulnerability Details

CVEList

WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Broken Access Control vulnerability↗2025-10-27

▶

GHSA

GHSA-f8q6-hmxg-h9wf: Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured A↗2025-10-27

▶