Craig Hewitt Seriously Simple Podcasting vulnerabilities

CVE-2026-39505 [MEDIUM] CWE-862 CVE-2026-39505: Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-pod Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.2.

CVE-2026-24952 [MEDIUM] CWE-79 CVE-2026-24952: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Stored XSS.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1.

CVE-2026-24360 [MEDIUM] CWE-918 CVE-2026-24360: Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting serious Server-Side Request Forgery (SSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Server Side Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.14.1.

CVE-2025-66061 [MEDIUM] CWE-352 CVE-2025-66061: Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriousl Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.

CVE-2025-66059 [MEDIUM] CWE-497 CVE-2025-66059: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig He Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.

CVE-2025-66060 [MEDIUM] CWE-862 CVE-2025-66060: Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-pod Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.

CVE-2025-62882 [MEDIUM] CWE-862 CVE-2025-62882: Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-pod Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.

CVE-2025-49923 [MEDIUM] CWE-79 CVE-2025-49923: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows DOM-Based XSS.This issue affects Seriously Simple Podcasting: from n/a through <= 3.11.1.

CVE-2025-46261 [MEDIUM] CWE-79 CVE-2025-46261: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Stored XSS.This issue affects Seriously Simple Podcasting: from n/a through <= 3.9.0.

CVE-2024-25599 [MEDIUM] CWE-79 CVE-2024-25599: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting.This issue affects Seriously Simple Podcasting: from n/a through <= 3.0.2.