Lucene search
K

80 matches found

ptsecurity
ptsecurity
added 2024/04/09 12:0 a.m.5 views

PT-2024-15170 · WordPress · The Pods – Custom Content Types/Fields

Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions prior to 3.0.11, excluding versions 2.7.31.2, 2.8.23.2, and 2.9.19.2 Description: The issue allows authenticated attackers with contributor level access or higher to...

8.8CVSS10AI score0.01291EPSS
Exploits0References8
cnnvd
cnnvd
added 2024/04/09 12:0 a.m.2 views

WordPress Plugin Pods 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.8CVSS8.7AI score0.00821EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/04/09 12:0 a.m.4 views

PT-2024-15149 · WordPress · The Pods – Custom Content Types/Fields

Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions prior to 3.0.11, excluding versions 2.7.31.2, 2.8.23.2, and 2.9.19.2 Description: The issue arises from insufficient escaping on the user supplied parameter and lack of...

8.8CVSS9.4AI score0.00821EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2024/04/09 12:0 a.m.5 views

PT-2024-15147 · WordPress · The Pods – Custom Content Types/Fields

Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions prior to 3.0.11, excluding versions 2.7.31.2, 2.8.23.2, and 2.9.19.2. Description: The issue is related to Missing Authorization, which allows authenticated attackers wi...

4.3CVSS9.2AI score0.00554EPSS
Exploits0References7
patchstack
patchstack
added 2024/03/29 9:2 a.m.3 views

WordPress Pods plugin <= 3.0.10 - Authenticated (Contributor+) SQL Injection via Shortcode vulnerability

Authenticated Contributor+ SQL Injection via Shortcode vulnerability discovered by Nex Team in WordPress Plugin Pods versions = 3.0.10...

8.8CVSS9.2AI score0.00821EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/03/29 8:38 a.m.5 views

WordPress Pods plugin <= 3.0.10 - Authenticated (Contributor+) Remote Code Execution via Shortcode vulnerability

Authenticated Contributor+ Remote Code Execution via Shortcode vulnerability discovered by Nex Team in WordPress Plugin Pods versions = 3.0.10...

8.8CVSS8.7AI score0.01291EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/03/29 12:0 a.m.13 views

WordPress Pods Plugin <= 3.0.10 is vulnerable to Remote Code Execution (RCE)

Software Pods Type Plugin Vulnerable versions = 3.0.10 Fixed in 3.0.10.2 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-6999 Patch priority Medium CVSS severity Medium 9.9 Developer Pods Framework PSID 2f35523a6e52 Credits Nex Team Required privilege Contributor...

8.8CVSS7.2AI score0.01291EPSS
Exploits0References3Affected Software1
wpvulndb
wpvulndb
added 2024/03/29 12:0 a.m.19 views

Pods < 3.1 - Contributor+ SQLi

Description The plugin is vulnerable to SQL Injection via shortcode due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access or higher, to append...

8.8CVSS7.6AI score0.00821EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/03/29 12:0 a.m.10 views

WordPress Pods Plugin <= 3.0.10 is vulnerable to SQL Injection

Software Pods Type Plugin Vulnerable versions = 3.0.10 Fixed in 3.0.10.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-6967 Patch priority Low CVSS severity Low 8.5 Developer Pods Framework PSID ebff2ccf3db7 Credits Nex Team Required privilege Contributor Published 29 March...

8.8CVSS6.8AI score0.00821EPSS
Exploits0References3Affected Software1
wpvulndb
wpvulndb
added 2024/03/29 12:0 a.m.34 views

Pods < 3.1 - Contributor+ Remote Code Execution

Description The plugin is vulnerable to Remote Code Execution via shortcode, allowing authenticated attackers, with contributor level access or higher, to execute code on the server...

8.8CVSS8AI score0.01291EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2023/07/19 12:0 a.m.8 views

WordPress Pods Plugin <= 2.7.31 is vulnerable to Cross Site Scripting (XSS)

Software Pods Type Plugin Vulnerable versions = 2.7.31 Fixed in 2.8.23 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Pods Framework PSID c91e0056bf48 Credits Rafie Muhammad Patchstack Required privilege...

6.1AI score0.00284EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2023/05/03 9:58 a.m.23 views

CVE-2023-23790 WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin = 2.9.10.2 versions...

7.1CVSS7.1AI score0.00264EPSS
Exploits0References1
cvelist
cvelist
added 2023/05/03 9:58 a.m.38 views

CVE-2023-23790 WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin = 2.9.10.2 versions...

7.1CVSS9AI score0.00264EPSS
Exploits0References1
cve
cve
added 2023/05/03 9:58 a.m.54 views

CVE-2023-23790

The CVE-2023-23790 entry concerns Cross-Site Request Forgery (CSRF) in the Pods Framework Team Pods – Custom Content Types and Fields plugin for WordPress, affected versions

8.8CVSS8AI score0.00264EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2023/05/03 12:0 a.m.6 views

WordPress plugin Pods 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS7.8AI score0.00264EPSS
Exploits0References2
patchstack
patchstack
added 2023/01/20 12:0 a.m.19 views

WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Pods Type Plugin Vulnerable versions = 2.9.10.2 Fixed in 2.9.11 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23790 Patch priority Low CVSS severity Low 7.1 Developer Pods Framework PSID f64545c57092 Credits Rafshanzani Suhada Required...

8.8CVSS6.7AI score0.00264EPSS
Exploits0References2Affected Software1
wpexploit
wpexploit
added 2022/12/07 12:0 a.m.89 views

Panda Pods Repeater Field < 1.5.4 - Reflected XSS

The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. 1. Install Pods plugin dependency - https://wordpress.org/plugins/pods 2. Install the...

5.4CVSS0.1AI score0.00841EPSS
Exploits2
wpvulndb
wpvulndb
added 2021/08/06 12:0 a.m.13 views

Pods < 2.7.29 - Multiple Authenticated Stored Cross-Site Scripting (XSS)

The plugin is vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability in multiple parameters. PoC 1. Go to /wp-admin/admin.php?page=pods 2. Edit one of the pods 3. Choose "Labels" menu 4. In "Label", "Singular Label", "Add New", or "All" input field, you can inject...

1.9AI score
Exploits0Affected Software1
osv
osv
added 2021/06/21 8:15 p.m.8 views

CVE-2021-24338

The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Singular Label' field parameter...

5.4CVSS5.6AI score0.00792EPSS
Exploits1References2
osv
osv
added 2021/06/21 8:15 p.m.8 views

CVE-2021-24339

The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Menu Label' field parameter...

5.4CVSS5.6AI score0.0076EPSS
Exploits1References2
Rows per page
Query Builder