6 matches found
EUVD-2025-8026
Malicious code in bioql PyPI...
CVE-2024-11849
The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2025-1446
The Pods WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
CVE-2025-1446
The Pods WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...
CVE-2024-9883
The CVE-2024-9883 entry concerns the Pods WordPress plugin, prior to version 3.2.7.1, where certain settings were not properly sanitized or escaped. This can allow high-privilege users (e.g., administrators) to perform Stored Cross-Site Scripting (Stored XSS), even when unfiltered_html is disallo...
CVE-2023-6999 Pods - Custom Content Types and Fields - Authenticated (Contributor+) Remote Code Execution
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Execution via shortcode in all versions up to, and including, 3.0.10 with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2. This makes it possible for authenticated attackers, with contributor level access ...