CVE-2025-66059 — Exposure of Sensitive System Information to an Unauthorized Control Sphere in Seriously Simple Podcasting

CWE-497 — Exposure of Sensitive System Information to an Unauthorized Control Sphere3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 82.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Castos Seriously Simple Podcasting Craig Hewitt Seriously Simple Podcasting

Timeline

PublishedNov 21

Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5craig_hewitt/seriously_simple_podcasting3.13.0

▶NVDcastos/seriously_simple_podcasting< 3.14.0

🔴Vulnerability Details

CVEList

WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Sensitive Data Exposure vulnerability↗2025-11-21

▶

GHSA

GHSA-9qp2-6xqr-cqwj: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-↗2025-11-21

▶