Lucene search
+L

80 matches found

Prion
Prion
added 2021/06/21 8:15 p.m.14 views

Cross site scripting

The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Singular Label' field parameter...

3.5CVSS5.3AI score0.00792EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/06/21 8:15 p.m.18 views

Cross site scripting

The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Menu Label' field parameter...

3.5CVSS5.3AI score0.0076EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/06/21 12:0 a.m.3 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Pods WordPress Plugin versions prior to 2.7.27, whi...

5.4CVSS5.5AI score0.00792EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/06/21 12:0 a.m.5 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress Pods WordPress Plugin versions prior to 2.7.27, which stems...

5.4CVSS5.5AI score0.0076EPSS
Exploits1References2
Patchstack
Patchstack
added 2021/04/27 12:0 a.m.19 views

WordPress Pods plugin <= 2.7.26 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by WhiteSource in WordPress Pods plugin versions = 2.7.26. Solution Update the WordPress Pods plugin to the latest available version at least 2.7.27...

5.4CVSS1.8AI score0.00792EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/15 12:0 a.m.22 views

Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting XSS security vulnerability within the 'Singular Label' field parameter. It is recommended that the Pods WordPress plugin be updated to at least version 2.7.27, which fixes the vulnerability...

3.5CVSS2.4AI score0.00792EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2018/11/29 12:0 a.m.2 views

WordPress Pods Plugin Arbitrary File Download Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. An arbitrary file download vulnerability exists in the WordPress Pods plugin. An attacker can exploit the vulnerability to...

6.8AI score
Exploits0References1
NVD
NVD
added 2015/01/15 3:59 p.m.39 views

CVE-2014-7957

Multiple cross-site request forgery CSRF vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 conduct cross-site scripting XSS attacks via the toggled parameter in a toggle action in the pods-componen...

6.8CVSS6.6AI score0.01164EPSS
Exploits2References5
NVD
NVD
added 2015/01/15 3:59 p.m.31 views

CVE-2014-7956

Cross-site scripting XSS vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php...

4.3CVSS5.8AI score0.02041EPSS
Exploits2References4
Prion
Prion
added 2015/01/15 3:59 p.m.25 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php...

4.3CVSS6.2AI score0.02041EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2015/01/15 3:0 p.m.36 views

CVE-2014-7957

Multiple cross-site request forgery CSRF vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 conduct cross-site scripting XSS attacks via the toggled parameter in a toggle action in the pods-componen...

6.6AI score0.01164EPSS
Exploits2References5
Cvelist
Cvelist
added 2015/01/15 3:0 p.m.33 views

CVE-2014-7956

Cross-site scripting XSS vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php...

5.8AI score0.02041EPSS
Exploits2References4
CVE
CVE
added 2015/01/15 3:0 p.m.51 views

CVE-2014-7957

CVE-2014-7957 describes multiple CSRF vulnerabilities in the WordPress Pods plugin prior to 2.5. The issues allow an attacker to hijack administrator sessions via crafted requests to wp-admin/admin.php and to perform actions such as (1) XSS via the toggled parameter on the pods-components page, (...

6.8CVSS6.7AI score0.01164EPSS
Exploits2References5Affected Software1
CVE
CVE
added 2015/01/15 3:0 p.m.52 views

CVE-2014-7956

CVE-2014-7956: Affected product is the Pods WordPress plugin (versions

4.3CVSS5.9AI score0.02041EPSS
Exploits2References4Affected Software1
CNVD
CNVD
added 2015/01/13 12:0 a.m.6 views

WordPress plugin Pods cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Pods. As the program fails to properly filter user-suppli...

4.3CVSS6.7AI score0.02041EPSS
Exploits2References1
CNVD
CNVD
added 2015/01/13 12:0 a.m.6 views

WordPress Plugin Pods Has Multiple Cross-Site Request Forgery Vulnerabilities

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site request forgery vulnerabilities exist in the WordPress plugin Pods, which can be exploited by an attacker...

6.8CVSS6.7AI score0.01164EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2015/01/12 9:8 a.m.24 views

Pods <= 2.4.3 - Authenticated XSS & CSRF

The Pods – Custom Content Types and Fields WordPress plugin was affected by an Authenticated XSS & CSRF security vulnerability...

6.8CVSS2.5AI score0.02041EPSS
Exploits3References2Affected Software1
Packet Storm
Packet Storm
added 2015/01/12 12:0 a.m.50 views

WordPress Pods 2.4.3 CSRF / Cross Site Scripting

Vulnerability title: Wordpress plugin Pods alert'xss' target="http://localhost"; for i=0; i'; CSRF 2 delete pods plugin data: CSRF 3 deactivate pods and delete data: CSRF 4 enable "roles and capab...

6.8CVSS0.1AI score0.02041EPSS
Exploits3
Patchstack
Patchstack
added 2014/10/07 12:0 a.m.25 views

WordPress Pods Plugin <= 2.4 - Multiple CSRF

Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that conduct cross-site scripting attacks via the "toggled" parameter in the pods-components page to wp-admin/admin.php, reset pod settings and data via the "podsreset" parameter in the...

6.8CVSS3.5AI score0.01164EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2014/10/07 12:0 a.m.28 views

WordPress Pods Plugin <= 2.4 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "id" parameter in the pods page to wp-admin/admin.php. Solution Update the plugin...

4.3CVSS2.6AI score0.02041EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder