WordPress Plugin Vulnerabilities

Seriously Simple Podcasting < 3.14.0 - Missing Authorization

Description

The Seriously Simple Podcasting plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.13.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
seriously-simple-podcasting
Fixed in 3.14.0

References

CVE
CVE-2025-62882
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/7f4959a8-21e7-4cbf-a150-704abc956f31

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nguyen Tran Tuan Dung (domiee13)
Verified
No
WPVDB ID
e36f1621-7a57-41a5-abef-ab0db446a096

Timeline

Publicly Published
2025-06-12 (about 11 months ago)
Added
2025-12-11 (about 5 months ago)
Last Updated
2025-12-11 (about 5 months ago)

Other

Published
Title
Published
2026-02-18
Title
Digital Download < 1.1.5 - Missing Authorization
Published
2026-03-10
Title
MC4WP: Mailchimp for WordPress < 4.12.0 - Unauthenticated Arbitrary Subscription Deletion
Published
2024-08-16
Title
InPost for WooCommerce <= 1.4.0 and InPost PL <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary File Read and Delete
Published
2025-06-27
Title
PT Project Notebooks 1.0.0 - 1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via wpnb_pto_new_users_add Function
Published
2023-09-14
Title
Essential Addons for Elementor < 5.8.9 - Authenticated (Contributor+) Privilege Escalation