80 matches found
Cross site scripting
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Singular Label' field parameter...
Cross site scripting
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Menu Label' field parameter...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Pods WordPress Plugin versions prior to 2.7.27, whi...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress Pods WordPress Plugin versions prior to 2.7.27, which stems...
WordPress Pods plugin <= 2.7.26 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by WhiteSource in WordPress Pods plugin versions = 2.7.26. Solution Update the WordPress Pods plugin to the latest available version at least 2.7.27...
Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Singular Label' field parameter. It is recommended that the Pods WordPress plugin be updated to at least version 2.7.27, which fixes the vulnerability...
WordPress Pods Plugin Arbitrary File Download Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. An arbitrary file download vulnerability exists in the WordPress Pods plugin. An attacker can exploit the vulnerability to...
CVE-2014-7957
Multiple cross-site request forgery CSRF vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 conduct cross-site scripting XSS attacks via the toggled parameter in a toggle action in the pods-componen...
CVE-2014-7956
Cross-site scripting XSS vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php...
Cross site scripting
Cross-site scripting XSS vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php...
CVE-2014-7957
Multiple cross-site request forgery CSRF vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 conduct cross-site scripting XSS attacks via the toggled parameter in a toggle action in the pods-componen...
CVE-2014-7956
Cross-site scripting XSS vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php...
CVE-2014-7957
CVE-2014-7957 describes multiple CSRF vulnerabilities in the WordPress Pods plugin prior to 2.5. The issues allow an attacker to hijack administrator sessions via crafted requests to wp-admin/admin.php and to perform actions such as (1) XSS via the toggled parameter on the pods-components page, (...
CVE-2014-7956
CVE-2014-7956: Affected product is the Pods WordPress plugin (versions
WordPress plugin Pods cross-site scripting vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Pods. As the program fails to properly filter user-suppli...
WordPress Plugin Pods Has Multiple Cross-Site Request Forgery Vulnerabilities
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site request forgery vulnerabilities exist in the WordPress plugin Pods, which can be exploited by an attacker...
Pods <= 2.4.3 - Authenticated XSS & CSRF
The Pods – Custom Content Types and Fields WordPress plugin was affected by an Authenticated XSS & CSRF security vulnerability...
WordPress Pods 2.4.3 CSRF / Cross Site Scripting
Vulnerability title: Wordpress plugin Pods alert'xss' target="http://localhost"; for i=0; i'; CSRF 2 delete pods plugin data: CSRF 3 deactivate pods and delete data: CSRF 4 enable "roles and capab...
WordPress Pods Plugin <= 2.4 - Multiple CSRF
Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that conduct cross-site scripting attacks via the "toggled" parameter in the pods-components page to wp-admin/admin.php, reset pod settings and data via the "podsreset" parameter in the...
WordPress Pods Plugin <= 2.4 - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "id" parameter in the pods page to wp-admin/admin.php. Solution Update the plugin...