Podsfoundation Pods

10 CVEs affecting Podsfoundation Pods. Latest disclosed: 2025-03-23. Critical: 1, High: 3.

Top CVEs affecting Podsfoundation Pods
CVESeverityScorePublishedSummary
CVE-2025-1446Critical9.82025-03-23The Pods WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection…
CVE-2023-6999High8.82024-04-09The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0…
CVE-2023-6967High8.82024-04-09The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with…
CVE-2023-23790High7.12023-05-03Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions.
CVE-2024-11849Medium6.12025-01-06The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform St…
CVE-2021-24339Medium5.42021-06-21The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnera…
CVE-2021-24338Medium5.42021-06-21The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnera…
CVE-2024-9883Medium4.82024-11-05The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform St…
CVE-2023-6965Medium4.32024-04-09The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the e…
CVE-2014-79562015-01-15Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id…