Pods@* Security Vulnerabilities and Issues — Pods@* CVE List

Lucene search

PodsfoundationPods*

10 matches found

CVE•added 2024/04/09 7:15 p.m.•56 views

CVE-2023-6999

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access ...

8.8CVSS9.4AI score0.00839EPSS

CVE•added 2021/06/21 8:15 p.m.•54 views

CVE-2021-24338

The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Singular Label' field parameter.

5.4CVSS5.3AI score0.01306EPSS

CVE•added 2025/03/23 6:15 a.m.•53 views

CVE-2025-1446

The Pods WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

9.8CVSS7.8AI score0.00045EPSS

CVE•added 2024/04/09 7:15 p.m.•52 views

CVE-2023-6967

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2) due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

8.8CVSS9.3AI score0.00327EPSS

CVE•added 2021/06/21 8:15 p.m.•50 views

CVE-2021-24339

5.4CVSS5.3AI score0.00466EPSS

CVE•added 2024/04/09 7:15 p.m.•48 views

CVE-2023-6965

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode....

4.3CVSS9AI score0.00222EPSS

CVE•added 2025/01/06 6:15 a.m.•42 views

CVE-2024-11849

The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

6.1CVSS5.4AI score0.00033EPSS

CVE•added 2023/05/03 10:15 a.m.•36 views

CVE-2023-23790

Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin

8.8CVSS8AI score0.00072EPSS

CVE•added 2015/01/15 3:59 p.m.•35 views

CVE-2014-7956

Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php.

4.3CVSS5.9AI score0.00198EPSS

CVE•added 2024/11/05 6:15 a.m.•32 views

CVE-2024-9883

The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS4.9AI score0.00092EPSS