Podsfoundation Pods
10 CVEs affecting Podsfoundation Pods. Latest disclosed: 2025-03-23. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-1446 | Critical | 9.8 | 2025-03-23 | The Pods WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection… |
CVE-2023-6999 | High | 8.8 | 2024-04-09 | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0… |
CVE-2023-6967 | High | 8.8 | 2024-04-09 | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with… |
CVE-2023-23790 | High | 7.1 | 2023-05-03 | Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions. |
CVE-2024-11849 | Medium | 6.1 | 2025-01-06 | The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform St… |
CVE-2021-24339 | Medium | 5.4 | 2021-06-21 | The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnera… |
CVE-2021-24338 | Medium | 5.4 | 2021-06-21 | The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnera… |
CVE-2024-9883 | Medium | 4.8 | 2024-11-05 | The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform St… |
CVE-2023-6965 | Medium | 4.3 | 2024-04-09 | The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the e… |
CVE-2014-7956 | | 2015-01-15 | Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id… |