4 matches found
Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities
Vulnerability title: Wordpress plugin Pods = 2.4.3 XSS and CSRF vulnerabilities vulnerabilities Author: Pietro Oliva CVE: CVE-2014-7956, CVE-2014-7957 Product: pods Affected version: pods = 2.4.3 Vulnerabilities fixed in version: 2.5 XSS vulnerability CVE-2014-7956, authentication is needed:...
CVE-2014-7957
Multiple cross-site request forgery CSRF vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 conduct cross-site scripting XSS attacks via the toggled parameter in a toggle action in the pods-componen...
CVE-2014-7957
CVE-2014-7957 describes multiple CSRF vulnerabilities in the WordPress Pods plugin prior to 2.5. The issues allow an attacker to hijack administrator sessions via crafted requests to wp-admin/admin.php and to perform actions such as (1) XSS via the toggled parameter on the pods-components page, (...
WordPress Pods 2.4.3 CSRF / Cross Site Scripting
Vulnerability title: Wordpress plugin Pods alert'xss' target="http://localhost"; for i=0; i'; CSRF 2 delete pods plugin data: CSRF 3 deactivate pods and delete data: CSRF 4 enable "roles and capab...