Lucene search
K

4 matches found

securityvulns
securityvulns
added 2015/01/19 12:0 a.m.68 views

Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities

Vulnerability title: Wordpress plugin Pods = 2.4.3 XSS and CSRF vulnerabilities vulnerabilities Author: Pietro Oliva CVE: CVE-2014-7956, CVE-2014-7957 Product: pods Affected version: pods = 2.4.3 Vulnerabilities fixed in version: 2.5 XSS vulnerability CVE-2014-7956, authentication is needed:...

6.8CVSS0.4AI score0.02041EPSS
Exploits3
NVD
NVD
added 2015/01/15 3:59 p.m.39 views

CVE-2014-7957

Multiple cross-site request forgery CSRF vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 conduct cross-site scripting XSS attacks via the toggled parameter in a toggle action in the pods-componen...

6.8CVSS6.6AI score0.01164EPSS
Exploits2References5
CVE
CVE
added 2015/01/15 3:0 p.m.51 views

CVE-2014-7957

CVE-2014-7957 describes multiple CSRF vulnerabilities in the WordPress Pods plugin prior to 2.5. The issues allow an attacker to hijack administrator sessions via crafted requests to wp-admin/admin.php and to perform actions such as (1) XSS via the toggled parameter on the pods-components page, (...

6.8CVSS6.7AI score0.01164EPSS
Exploits2References5Affected Software1
Packet Storm
Packet Storm
added 2015/01/12 12:0 a.m.49 views

WordPress Pods 2.4.3 CSRF / Cross Site Scripting

Vulnerability title: Wordpress plugin Pods alert'xss' target="http://localhost"; for i=0; i'; CSRF 2 delete pods plugin data: CSRF 3 deactivate pods and delete data: CSRF 4 enable "roles and capab...

6.8CVSS0.1AI score0.02041EPSS
Exploits3
Rows per page
Query Builder