The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.
https://wpscan.com/vulnerability/061c59d6-f4a0-4cd1-b945-5e92b9c2b4aa/