CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11849 – Pods – Custom Content Types and Fields < 3.2.8.1 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-11849
16 Dec 2024 — The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping.... • https://wpscan.com/vulnerability/85b25a5b-c30b-4a2a-96c1-f05b4eba8a9b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9883 – Pods < 3.2.7.1 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-9883
15 Oct 2024 — The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.7 due to insufficient input sanitization and output escaping.... • https://wpscan.com/vulnerability/ea4b277e-ef47-4e38-bd82-c5a54a95372f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23790 – WordPress Pods Plugin <= 2.9.10.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23790
20 Jan 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions. The Pods plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10.2. This is due to missing or incorrect nonce validation when deleting pods. This makes it possible for unauthenticated attackers to delete pods via forged request granted they can trick a site administrator into performing an action such as clicking on a lin... • https://patchstack.com/database/vulnerability/pods/wordpress-pods-custom-content-types-and-fields-plugin-2-9-10-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24338 – Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24338
15 Jan 2021 — The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Singular Label' field parameter. El plugin Pods - Custom Content Types y Fields WordPress versiones anteriores a 2.7.27, era suceptible a una vulnerabilidad de Seguridad Autenticada de tipo Cross-Site Scripting (XSS) Almacenada dentro del parámetro de campo "Singular Label" • https://wpscan.com/vulnerability/d5b015f3-90c7-4d51-a71d-630d60965151 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24339 – Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24339
15 Jan 2021 — The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Menu Label' field parameter. El plugin Pods - Custom Content Types y Fields WordPress versiones anteriores a 2.7.27, era suceptible a una vulnerabilidad de seguridad Autenticada de tipo Cross-Site Scripting (XSS) Almacenada en el parámetro del campo "Menu Label" • https://wpscan.com/vulnerability/8e72236d-f620-4503-a324-dcf49405351b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2014-7956 – Pods <= 2.4.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-7956
12 Jan 2015 — Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php. Vulnerabilidad de XSS en el plugin Pods anterior a.5 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro id en una acción de editar en la página pods en wp-admin/admin.php. WordPress Pods plugin versions 2.4.3 and be... • http://packetstormsecurity.com/files/129890/WordPress-Pods-2.4.3-CSRF-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 2CVE-2014-7957 – Pods <= 2.4.3 - Multiple Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-7957
12 Jan 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the toggled parameter in a toggle action in the pods-components page to wp-admin/admin.php, (2) delete a pod in a delete action in the pods page to wp-admin/admin.php, (3) reset pod settings and data via the pods_reset parameter in the pod-settings page to wp-admin/admi... • http://packetstormsecurity.com/files/129890/WordPress-Pods-2.4.3-CSRF-Cross-Site-Scripting.html • CWE-352: Cross-Site Request Forgery (CSRF) •