cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9667,https://securityvulnerability.io/vulnerability/CVE-2024-9667,Unauthenticated Reflected Cross-Site Scripting Vulnerability Affects Podcasting Plugin,"The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",Wordpress,Seriously Simple Podcasting,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-11-05T08:31:38.115Z,0
CVE-2024-3751,https://securityvulnerability.io/vulnerability/CVE-2024-3751,Unfiltered HTML Settings Vulnerability in Seriously Simple Podcasting WordPress Plugin,"The Seriously Simple Podcasting WordPress plugin before 3.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Seriously Simple Podcasting,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:04.549Z,0
CVE-2023-6444,https://securityvulnerability.io/vulnerability/CVE-2023-6444,Email Address Disclosure Vulnerability in Seriously Simple Podcasting WordPress Plugin,"An unauthenticated crafted request can lead to the exposure of the podcast owner's email address, which typically aligns with the admin email address in the Seriously Simple Podcasting plugin for WordPress. This vulnerability persists in versions prior to 3.0.0, potentially impacting users by disclosing sensitive information without requiring authentication. Such exposure of personal data can lead to further security risks, including targeted phishing attacks.",Wordpress,Seriously Simple Podcasting,,,0.0008399999933317304,false,,false,false,true,true,false,false,2024-03-11T17:56:04.708Z,0
CVE-2022-4571,https://securityvulnerability.io/vulnerability/CVE-2022-4571,Seriously Simple Podcasting < 2.19.1 - Contributor+ Stored XSS,"The Seriously Simple Podcasting WordPress plugin before 2.19.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.",Wordpress,Seriously Simple Podcasting,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-01-16T15:37:52.001Z,0
CVE-2022-40132,https://securityvulnerability.io/vulnerability/CVE-2022-40132,WordPress Seriously Simple Podcasting plugin <= 2.16.0 - Cross-Site Request Forgery (CSRF) vulnerability,"Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change.",Wordpress,Seriously Simple Podcasting (WordPress Plugin),5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2022-09-23T00:00:00.000Z,0