CVE-2025-66060 — Missing Authorization in Seriously Simple Podcasting

CWE-862 — Missing Authorization3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 83.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Castos Seriously Simple Podcasting Craig Hewitt Seriously Simple Podcasting

Timeline

PublishedNov 21

Description

Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5craig_hewitt/seriously_simple_podcasting3.13.0

▶NVDcastos/seriously_simple_podcasting< 3.14.0

🔴Vulnerability Details

GHSA

GHSA-gv8g-jhvc-8p4r: Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured A↗2025-11-21

▶

CVEList

WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Broken Access Control vulnerability↗2025-11-21

▶