Vulnerabilities > Castos

DATE CVE VULNERABILITY TITLE RISK
2024-11-05 CVE-2024-9667 Cross-site Scripting vulnerability in Castos Seriously Simple Podcasting
The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.5.0.
network
low complexity
castos CWE-79
6.1
2024-09-24 CVE-2024-8738 Cross-site Scripting vulnerability in Castos Seriously Simple Stats
The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0.
network
low complexity
castos CWE-79
6.1
2023-11-06 CVE-2023-45001 Unspecified vulnerability in Castos Seriously Simple Stats
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Castos Seriously Simple Stats allows SQL Injection.This issue affects Seriously Simple Stats: from n/a through 1.5.0.
network
low complexity
castos
critical
9.8
2023-10-17 CVE-2023-45005 Unspecified vulnerability in Castos Seriously Simple Stats
Unauth.
network
low complexity
castos
6.1
2023-01-16 CVE-2022-4571 Unspecified vulnerability in Castos Seriously Simple Podcasting
The Seriously Simple Podcasting WordPress plugin before 2.19.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
network
low complexity
castos
5.4
2022-09-23 CVE-2022-40132 Cross-Site Request Forgery (CSRF) vulnerability in Castos Seriously Simple Podcasting
Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change.
network
low complexity
castos CWE-352
4.3