XSS in Podsfoundation Pods
CVE-2014-7956
Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.020 (78.7th percentile) — read the EPSS interpretation.
Affected products
- Podsfoundation Pods
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- cve@mitre.org (mailing-list, Exploit, x_refsource_FULLDISC)
- cve@mitre.org (vdb-entry, x_refsource_BID)
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
Frequently asked questions
- What is CVE-2014-7956?
- CVE-2014-7956 is a vulnerability in Podsfoundation Pods, classified under Cross-site Scripting. Published 2015-01-15.
- Is CVE-2014-7956 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.