CVE-2025-66061 — Cross-Site Request Forgery in Seriously Simple Podcasting

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 93.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Castos Seriously Simple Podcasting Craig Hewitt Seriously Simple Podcasting

Timeline

PublishedNov 21

Description

Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5craig_hewitt/seriously_simple_podcasting3.13.0

▶NVDcastos/seriously_simple_podcasting< 3.14.0

🔴Vulnerability Details

CVEList

WordPress Seriously Simple Podcasting plugin <= 3.13.0 - Cross Site Request Forgery (CSRF) vulnerability↗2025-11-21

▶

GHSA

GHSA-jc9r-j5j5-r5w9: Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forg↗2025-11-21

▶