Pods – Custom Content Types and Fields

Information

Software Type Plugin
Software Slug pods (view on wordpress.org)
Software Status Active
Software Author sc0ttkclark
Software Website pods.io
Software Downloads 4,510,209
Software Active Installs 100,000
Software Record Last Updated November 21, 2024

13 Vulnerabilities

Title Status CVE ID CVSS Researchers Date
Pods <= 3.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting Patched CVE-2024-9883 4.4 Dmitrii Ignatyev October 15, 2024
Several WordPress.org Plugins <= Various Versions - Injected Backdoor Patched CVE-2024-6297 10.0 June 24, 2024
Pods – Custom Content Types and Fields <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL Patched CVE-2024-3956 5.4 wesley (wcraft) May 9, 2024
Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode Patched CVE-2023-6967 8.8 Nex Team March 28, 2024
Pods - Custom Content Types and Fields - Missing Authorization Patched CVE-2023-6965 4.3 Nex Team March 28, 2024
Pods - Custom Content Types and Fields - Authenticated (Contributor+) Remote Code Execution Patched CVE-2023-6999 8.8 Nex Team March 28, 2024
Pods <= 2.9.10.2 - Cross-Site Request Forgery Patched CVE-2023-23790 7.1 Rafshanzani Suhada January 20, 2023
Pods – Custom Content Types and Fields <= 2.7.28 - Authenticated (Admin+) Cross-Site Scripting Patched 5.5 Muhammad Daffa August 6, 2021
Pods 2.4.4.1 - 2.7.26 - Authenticated Stored Cross-Site Scripting Patched CVE-2021-24338 5.4 WhiteSource January 15, 2021
Pods <= 2.7.26 - Authenticated Stored Cross-Site Scripting via Menu Label field Patched CVE-2021-24339 5.4 WhiteSource January 15, 2021
Pods – Custom Content Types and Fields < 2.5.1.2 - SQL Injection Patched 9.8 Scott Kingsley Clark March 16, 2015
Pods <= 2.4.3 - Cross-Site Scripting Patched CVE-2014-7956 6.1 Pietro Oliva January 12, 2015
Pods <= 2.4.3 - Multiple Cross-Site Request Forgery Patched CVE-2014-7957 9.6 Pietro Oliva January 12, 2015

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation