CVE-2023-23790 – WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23790
Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions. The Pods plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10.2. This is due to missing or incorrect nonce validation when deleting pods. This makes it possible for unauthenticated attackers to delete pods via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/pods/wordpress-pods-custom-content-types-and-fields-plugin-2-9-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-24338 – Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24338
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an authenticated stored Cross-Site Scripting (XSS) vulnerability in the 'Singular Label' field parameter. • https://wpscan.com/vulnerability/d5b015f3-90c7-4d51-a71d-630d60965151 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-24338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24339 – Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24339
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an authenticated stored Cross-Site Scripting (XSS) vulnerability in the 'Menu Label' field parameter. • https://wpscan.com/vulnerability/8e72236d-f620-4503-a324-dcf49405351b https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-24339 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-7956 – Pods <= 2.4.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-7956
Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php. WordPress Pods plugin versions 2.4.3 and below suffer from cross-site request forgery and cross-site scripting vulnerabilities. • http://packetstormsecurity.com/files/129890/WordPress-Pods-2.4.3-CSRF-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Jan/26 http://www.securityfocus.com/archive/1/534437/100/0/threaded http://www.securityfocus.com/bid/71995 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')