What the vulnerability does
01Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0.
Explanation of Vulnerability in Simple Terms
02Summary
Seriously Simple Podcasting versions 3.13.0 and earlier expose sensitive information to unauthenticated attackers over the network. The vulnerability allows reading of non-public data without requiring user interaction or special network conditions. This affects all installations of the plugin up to and including version 3.13.0.
What an attacker can do
03Attacker Capabilities
Read sensitive non-public information from the podcast plugin without authentication.
Potential impact on your site
04Site Impact
Podcast data and configuration details may be exposed to anyone on the internet.
Conditions required to exploit
05Prerequisites
Network access to the WordPress site; no authentication or user interaction required.
Key dates
06Disclosure timeline
November 21, 2025
CVE published
April 28, 2026
Record updated