cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3956,https://securityvulnerability.io/vulnerability/CVE-2024-3956,Stored Cross-Site Scripting Vulnerability in Pods Plugin,"The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pod Form widget in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Pods – Custom Content Types And Fields,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-14T15:42:00.000Z,0
CVE-2023-6999,https://securityvulnerability.io/vulnerability/CVE-2023-6999,Remote Code Execution Vulnerability in Pods Plugin,"The Pods – Custom Content Types and Fields plugin for WordPress presents a significant security vulnerability that allows for remote code execution through the use of shortcodes. This issue affects all versions up to and including 3.0.10, except for specific versions noted. Authenticated attackers with contributor level access or higher can exploit this flaw to execute arbitrary code on the server, posing a serious threat to site integrity and data confidentiality. WordPress users utilizing the Pods plugin should prioritize updating to the latest version to mitigate risks associated with this vulnerability.",Wordpress,Pods – Custom Content Types And Fields,8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:59:26.244Z,0
CVE-2023-6965,https://securityvulnerability.io/vulnerability/CVE-2023-6965,Missing Authorization Vulnerability in Pods Plugin for WordPress,"The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode. This makes it possible for authenticated attackers, with contributor access or higher, to create pods and users (with default role).",Wordpress,Pods – Custom Content Types And Fields,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:59:20.952Z,0
CVE-2023-6967,https://securityvulnerability.io/vulnerability/CVE-2023-6967,SQL Injection Vulnerability in Pods Plugin Could Lead to Sensitive Data Exfiltration,"The Pods – Custom Content Types and Fields plugin for WordPress exhibits a SQL Injection vulnerability through its shortcode feature. This issue arises from inadequate escaping of user-supplied parameters and insufficient preparation of the SQL queries involved. Attackers with contributor level access or higher can leverage this vulnerability to inject additional SQL commands into existing queries. This manipulation can lead to unauthorized access to sensitive data stored within the database, potentially compromising the integrity and privacy of user information.",Wordpress,Pods – Custom Content Types And Fields,8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-04-09T18:58:35.411Z,0
CVE-2021-24339,https://securityvulnerability.io/vulnerability/CVE-2021-24339,Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS),The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Menu Label' field parameter.,Wordpress,Pods – Custom Content Types And Fields,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-06-21T19:18:13.000Z,0
CVE-2021-24338,https://securityvulnerability.io/vulnerability/CVE-2021-24338,Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS),The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Singular Label' field parameter.,Wordpress,Pods – Custom Content Types And Fields,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2021-06-21T19:18:12.000Z,0