cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11849,https://securityvulnerability.io/vulnerability/CVE-2024-11849,Stored Cross-Site Scripting Vulnerability in Pods WordPress Plugin,"The Pods WordPress plugin, before version 3.2.8.1, is susceptible to Stored Cross-Site Scripting (XSS) vulnerabilities due to improper sanitation and escaping of certain settings. This flaw potentially enables high-privilege users, such as administrators, to execute XSS attacks, even when the unfiltered_html capability is restricted. This issue is particularly concerning in multisite environments where security settings may limit user permissions.",Wordpress,Pods,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,true,false,false,2025-01-06T06:00:07.626Z,0
CVE-2024-9883,https://securityvulnerability.io/vulnerability/CVE-2024-9883,Stored Cross-Site Scripting Vulnerability in The Pods WordPress Plugin,"The Pods WordPress plugin prior to version 3.2.7.1 contains a vulnerability that arises from inadequate sanitization and escaping of certain settings. This flaw permits users with high privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This is particularly concerning in environments where the unfiltered_html capability is disabled, such as in multisite configurations, making it essential for those using this plugin to upgrade to the latest version to mitigate the risks associated with this vulnerability.",Wordpress,Pods,4.8,MEDIUM,0.00044999999227002263,false,,false,false,true,true,false,false,2024-11-05T06:00:08.587Z,0
CVE-2024-3956,https://securityvulnerability.io/vulnerability/CVE-2024-3956,Stored Cross-Site Scripting Vulnerability in Pods Plugin,"The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pod Form widget in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Pods – Custom Content Types And Fields,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-14T15:42:00.000Z,0
CVE-2023-6999,https://securityvulnerability.io/vulnerability/CVE-2023-6999,Remote Code Execution Vulnerability in Pods Plugin,"The Pods – Custom Content Types and Fields plugin for WordPress presents a significant security vulnerability that allows for remote code execution through the use of shortcodes. This issue affects all versions up to and including 3.0.10, except for specific versions noted. Authenticated attackers with contributor level access or higher can exploit this flaw to execute arbitrary code on the server, posing a serious threat to site integrity and data confidentiality. WordPress users utilizing the Pods plugin should prioritize updating to the latest version to mitigate risks associated with this vulnerability.",Wordpress,Pods – Custom Content Types And Fields,8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:59:26.244Z,0
CVE-2023-6965,https://securityvulnerability.io/vulnerability/CVE-2023-6965,Missing Authorization Vulnerability in Pods Plugin for WordPress,"The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode. This makes it possible for authenticated attackers, with contributor access or higher, to create pods and users (with default role).",Wordpress,Pods – Custom Content Types And Fields,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:59:20.952Z,0
CVE-2023-6967,https://securityvulnerability.io/vulnerability/CVE-2023-6967,SQL Injection Vulnerability in Pods Plugin Could Lead to Sensitive Data Exfiltration,"The Pods – Custom Content Types and Fields plugin for WordPress exhibits a SQL Injection vulnerability through its shortcode feature. This issue arises from inadequate escaping of user-supplied parameters and insufficient preparation of the SQL queries involved. Attackers with contributor level access or higher can leverage this vulnerability to inject additional SQL commands into existing queries. This manipulation can lead to unauthorized access to sensitive data stored within the database, potentially compromising the integrity and privacy of user information.",Wordpress,Pods – Custom Content Types And Fields,8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:58:35.411Z,0
CVE-2022-4306,https://securityvulnerability.io/vulnerability/CVE-2022-4306,Panda Pods Repeater Field < 1.5.4 - Reflected XSS,"The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escapes a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission.",Wordpress,Panda Pods Repeater Field,5.4,MEDIUM,0.0010400000028312206,false,,false,false,false,,false,false,2023-01-30T20:31:30.627Z,0
CVE-2021-24339,https://securityvulnerability.io/vulnerability/CVE-2021-24339,Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS),The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Menu Label' field parameter.,Wordpress,Pods – Custom Content Types And Fields,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-06-21T19:18:13.000Z,0
CVE-2021-24338,https://securityvulnerability.io/vulnerability/CVE-2021-24338,Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS),The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Singular Label' field parameter.,Wordpress,Pods – Custom Content Types And Fields,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-06-21T19:18:12.000Z,0
CVE-2014-7956,https://securityvulnerability.io/vulnerability/CVE-2014-7956,,Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php.,Wordpress,Pods,,,0.0038300000596791506,false,,false,false,false,,false,false,2015-01-15T15:00:00.000Z,0
CVE-2014-7957,https://securityvulnerability.io/vulnerability/CVE-2014-7957,,"Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the toggled parameter in a toggle action in the pods-components page to wp-admin/admin.php, (2) delete a pod in a delete action in the pods page to wp-admin/admin.php, (3) reset pod settings and data via the pods_reset parameter in the pod-settings page to wp-admin/admin.php, (4) deactivate and reset pod data via the pods_reset_deactivate parameter in the pod-settings page to wp-admin/admin.php, (5) delete the admin role via the id parameter in a delete action in the pods-component-roles-and-capabilities page to wp-admin/admin.php, or (6) enable ""roles and capabilities"" in a toggle action in the pods-components page to wp-admin/admin.php.",Wordpress,Pods,,,0.0030700000934302807,false,,false,false,false,,false,false,2015-01-15T15:00:00.000Z,0