CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23790 – WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23790
20 Jan 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions. The Pods plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10.2. This is due to missing or incorrect nonce validation when deleting pods. This makes it possible for unauthenticated attackers to delete pods via forged request granted they can trick a site administrator into performing an action such as clicking on a lin... • https://patchstack.com/database/vulnerability/pods/wordpress-pods-custom-content-types-and-fields-plugin-2-9-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24338 – Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24338
15 Jan 2021 — The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Singular Label' field parameter. El plugin Pods - Custom Content Types y Fields WordPress versiones anteriores a 2.7.27, era suceptible a una vulnerabilidad de Seguridad Autenticada de tipo Cross-Site Scripting (XSS) Almacenada dentro del parámetro de campo "Singular Label" • https://wpscan.com/vulnerability/d5b015f3-90c7-4d51-a71d-630d60965151 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24339 – Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24339
15 Jan 2021 — The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Menu Label' field parameter. El plugin Pods - Custom Content Types y Fields WordPress versiones anteriores a 2.7.27, era suceptible a una vulnerabilidad de seguridad Autenticada de tipo Cross-Site Scripting (XSS) Almacenada en el parámetro del campo "Menu Label" • https://wpscan.com/vulnerability/8e72236d-f620-4503-a324-dcf49405351b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2014-7956 – Pods <= 2.4.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-7956
12 Jan 2015 — Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php. Vulnerabilidad de XSS en el plugin Pods anterior a.5 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro id en una acción de editar en la página pods en wp-admin/admin.php. WordPress Pods plugin versions 2.4.3 and be... • http://packetstormsecurity.com/files/129890/WordPress-Pods-2.4.3-CSRF-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •