WordPress Plugin Vulnerabilities

Pods < 3.1 - Contributor+ Remote Code Execution

Description

The plugin is vulnerable to Remote Code Execution via shortcode, allowing authenticated attackers, with contributor level access or higher, to execute code on the server.

Affects Plugins

Plugin icon
pods
Fixed in 3.1

References

CVE
CVE-2023-6999
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d9108d5f-7b8b-478d-ba9d-f895bdb7dbf2

Miscellaneous

Original Researcher
Nex Team
Verified
No
WPVDB ID
00388093-50da-4136-a351-122699ede0cd

Timeline

Publicly Published
2024-03-28 (about 2 years ago)
Added
2024-03-29 (about 2 years ago)
Last Updated
2024-03-29 (about 2 years ago)

Other

Published
Title
Published
2017-01-11
Title
WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Published
2024-01-16
Title
Author Box, Guest Author and Co-Authors for Your Posts – Molongui < 4.7.5 - Information Exposure via ma_debug
Published
2025-09-10
Title
BeyondCart Connector < 3.0.2 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter
Published
2014-08-01
Title
Myriad 2.0 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download
Published
2019-07-01
Title
Easy Forms for Mailchimp < 6.5.3 - Code Injection