80 matches found
PT-2024-15170 · WordPress · The Pods – Custom Content Types/Fields
Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions prior to 3.0.11, excluding versions 2.7.31.2, 2.8.23.2, and 2.9.19.2 Description: The issue allows authenticated attackers with contributor level access or higher to...
WordPress Plugin Pods 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-15149 · WordPress · The Pods – Custom Content Types/Fields
Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions prior to 3.0.11, excluding versions 2.7.31.2, 2.8.23.2, and 2.9.19.2 Description: The issue arises from insufficient escaping on the user supplied parameter and lack of...
PT-2024-15147 · WordPress · The Pods – Custom Content Types/Fields
Name of the Vulnerable Software and Affected Versions: The Pods – Custom Content Types and Fields plugin for WordPress versions prior to 3.0.11, excluding versions 2.7.31.2, 2.8.23.2, and 2.9.19.2. Description: The issue is related to Missing Authorization, which allows authenticated attackers wi...
WordPress Pods plugin <= 3.0.10 - Authenticated (Contributor+) SQL Injection via Shortcode vulnerability
Authenticated Contributor+ SQL Injection via Shortcode vulnerability discovered by Nex Team in WordPress Plugin Pods versions = 3.0.10...
WordPress Pods plugin <= 3.0.10 - Authenticated (Contributor+) Remote Code Execution via Shortcode vulnerability
Authenticated Contributor+ Remote Code Execution via Shortcode vulnerability discovered by Nex Team in WordPress Plugin Pods versions = 3.0.10...
WordPress Pods Plugin <= 3.0.10 is vulnerable to Remote Code Execution (RCE)
Software Pods Type Plugin Vulnerable versions = 3.0.10 Fixed in 3.0.10.2 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-6999 Patch priority Medium CVSS severity Medium 9.9 Developer Pods Framework PSID 2f35523a6e52 Credits Nex Team Required privilege Contributor...
Pods < 3.1 - Contributor+ SQLi
Description The plugin is vulnerable to SQL Injection via shortcode due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access or higher, to append...
WordPress Pods Plugin <= 3.0.10 is vulnerable to SQL Injection
Software Pods Type Plugin Vulnerable versions = 3.0.10 Fixed in 3.0.10.2 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-6967 Patch priority Low CVSS severity Low 8.5 Developer Pods Framework PSID ebff2ccf3db7 Credits Nex Team Required privilege Contributor Published 29 March...
Pods < 3.1 - Contributor+ Remote Code Execution
Description The plugin is vulnerable to Remote Code Execution via shortcode, allowing authenticated attackers, with contributor level access or higher, to execute code on the server...
WordPress Pods Plugin <= 2.7.31 is vulnerable to Cross Site Scripting (XSS)
Software Pods Type Plugin Vulnerable versions = 2.7.31 Fixed in 2.8.23 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Pods Framework PSID c91e0056bf48 Credits Rafie Muhammad Patchstack Required privilege...
CVE-2023-23790 WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin = 2.9.10.2 versions...
CVE-2023-23790 WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin = 2.9.10.2 versions...
CVE-2023-23790
The CVE-2023-23790 entry concerns Cross-Site Request Forgery (CSRF) in the Pods Framework Team Pods – Custom Content Types and Fields plugin for WordPress, affected versions
WordPress plugin Pods 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Pods Type Plugin Vulnerable versions = 2.9.10.2 Fixed in 2.9.11 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23790 Patch priority Low CVSS severity Low 7.1 Developer Pods Framework PSID f64545c57092 Credits Rafshanzani Suhada Required...
Panda Pods Repeater Field < 1.5.4 - Reflected XSS
The plugin does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. 1. Install Pods plugin dependency - https://wordpress.org/plugins/pods 2. Install the...
Pods < 2.7.29 - Multiple Authenticated Stored Cross-Site Scripting (XSS)
The plugin is vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability in multiple parameters. PoC 1. Go to /wp-admin/admin.php?page=pods 2. Edit one of the pods 3. Choose "Labels" menu 4. In "Label", "Singular Label", "Add New", or "All" input field, you can inject...
CVE-2021-24338
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Singular Label' field parameter...
CVE-2021-24339
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Menu Label' field parameter...