Impact
The vulnerability permits an attacker to issue state-changing requests on behalf of an authenticated user without the user's knowledge. A malicious page could submit forms or API calls to the PowerPress Podcasting plugin, potentially creating, modifying, or deleting podcast entries. This weakness is classified as CWE-352 (Cross-Site Request Forgery). It does not grant direct code execution; the impact is on integrity and possibly availability, for example if the forged requests perform privileged actions or are issued in volumes that overwhelm the system.
Affected Systems
WordPress sites running the PowerPress Podcasting plugin in any version up to and including 11.13.12 are affected. The plugin is provided by blubrry and is used by WordPress site owners to manage podcast content. Any installation within the affected range is vulnerable; no lower bound is given beyond the stated upper bound of 11.13.12.
Risk and Exploitability
The CVSS score of 4.3 indicates moderate severity, while the EPSS score of less than 1% suggests that exploitation is unlikely at present. The vulnerability has not been listed in CISA's KEV catalog. Exploitation would typically involve tricking an authenticated user into visiting a crafted page that triggers a request to the vulnerable plugin endpoints. The attack can succeed when the browser attaches the victim's session cookie to that cross-site request and the plugin does not validate a CSRF token (in WordPress terms, a nonce) before acting on it.
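To make the missing check concrete, here is an added example (not PowerPress code; the handler, nonce and field names are hypothetical) of a WordPress admin form handler that relies only on the session cookie, beside the hardened form that requires a nonce bound to the action and the current user:

```php
<?php
// Added example, not from the PowerPress plugin. Names such as
// pp_example_save_episode and pp_example_nonce are hypothetical and assume
// the code runs inside WordPress, where these API functions are available.

// Vulnerable pattern: any POST that arrives with a valid login cookie is
// accepted, so a form auto-submitted by a third-party page succeeds (CWE-352).
function pp_example_save_episode_unsafe() {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'Insufficient privileges', 403 );
    }
    // No nonce validation here: the request's origin is never verified.
    $title = sanitize_text_field( wp_unslash( $_POST['episode_title'] ?? '' ) );
    // ... persist $title ...
}

// Hardened pattern: verify the nonce first, then the capability.
function pp_example_save_episode() {
    // check_admin_referer() calls wp_die() when the nonce is missing, expired,
    // or was issued for a different action or user.
    check_admin_referer( 'pp_example_save_episode', 'pp_example_nonce' );
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'Insufficient privileges', 403 );
    }
    $title = sanitize_text_field( wp_unslash( $_POST['episode_title'] ?? '' ) );
    // ... persist $title ...
    wp_safe_redirect( admin_url( 'edit.php?pp_saved=1' ) );
    exit;
}
add_action( 'admin_post_pp_example_save_episode', 'pp_example_save_episode' );

// The legitimate form embeds the matching nonce; a cross-site page cannot
// read it, so its forged POST fails the check above.
function pp_example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="pp_example_save_episode">
        <?php wp_nonce_field( 'pp_example_save_episode', 'pp_example_nonce' ); ?>
        <input type="text" name="episode_title">
        <button type="submit">Save</button>
    </form>
    <?php
}
```

For REST endpoints the equivalent control is a `permission_callback` on `register_rest_route()` combined with the `X-WP-Nonce` header that WordPress cookie authentication already requires.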
OpenCVE Enrichment