Pods – Custom Content Types and Fields WordPress Plugin Security Vulnerabilities | WPScan

14

September 4, 2025

100000

Published

2025-03-02

Title

Pods < 3.2.8.2 - Admin+ SQL Injection

Fixed in

Fixed in 3.2.8.2

CVSS

4.1 (medium)

Published

2024-12-16

Title

Pods – Custom Content Types and Fields < 3.2.8.1 - Admin+ Stored XSS

Fixed in

Fixed in 3.2.8.1

CVSS

3.5 (low)

Published

2024-10-15

Title

Pods < 3.2.7.1 - Admin+ Stored XSS

Fixed in

Fixed in 3.2.7.1

CVSS

3.5 (low)

Published

2024-05-09

Title

Pods – Custom Content Types and Fields < 3.2.1.1 - Contributor+ Stored Cross-Site Scripting via Pod Form Redirect URL

Fixed in

Fixed in 3.2.1.1

CVSS

5.4 (medium)

Published

2024-03-28

Title

Pods < 3.1 - Contributor+ Pods/Users Creation

Fixed in

Fixed in 3.1

CVSS

4.3 (medium)

Published

2024-03-28

Title

Pods < 3.1 - Contributor+ SQLi

Fixed in

Fixed in 3.1

CVSS

6.8 (medium)

Published

2024-03-28

Title

Pods < 3.1 - Contributor+ Remote Code Execution

Fixed in

Fixed in 3.1

CVSS

7.2 (high)

Published

2023-07-18

Title

Freemius SDK < 2.5.10 - Reflected Cross-Site Scripting

Fixed in

Fixed in 2.8.0

CVSS

6.1 (medium)

Published

2023-01-20

Title

Pods < 2.9.11 - Pods Deletion via CSRF

Fixed in

Fixed in 2.9.11

CVSS

4.3 (medium)

Published

2021-08-06

Title

Pods < 2.7.29 - Multiple Authenticated Stored Cross-Site Scripting (XSS)

Fixed in

Fixed in 2.7.29

CVSS

2.7 (low)

Published

2021-01-15

Title

Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)

Fixed in

Fixed in 2.7.27

CVSS

4.8 (medium)

Published

2021-01-15

Title

Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)

Fixed in

Fixed in 2.7.27

CVSS

4.8 (medium)

Published

2015-03-16

Title

Pods 1.4.7 <= 2.5.1.1 - Blind SQL Injection

Fixed in

Fixed in 2.5.1.2

CVSS

n/a

Published

2015-01-12

Title

Pods < 2.5 - Authenticated XSS & CSRF

Fixed in

Fixed in 2.5

CVSS

n/a