Pods < 2.9.11 – Pods Deletion via CSRF | CVE 2023-23790

Affects Plugins

pods

Fixed in 2.9.11

References

CVE

CVE-2023-23790

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Rafshanzani Suhada

Verified

No

WPVDB ID

5567472c-2f27-48d1-b999-fa15dc940180

Timeline

Publicly Published

2023-01-20 (about 3 years ago)

Added

2023-05-04 (about 2 years ago)

Last Updated

2023-05-04 (about 2 years ago)

Other

Published

Title

Published

2025-03-31

Title

Rio Video Gallery <= 2.3.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2023-11-07

Title

WP Links Page < 4.9.5 - Cross-Site Request Forgery via wplf_ajax_update_screenshots

Published

2025-04-01

Title

Product Notices for WooCommerce <= 1.3.3 - Cross-Site Request Forgery

Published

2025-08-25

Title

Newsletter subscription optin module <= 1.2.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Published

2025-06-27

Title

Aioseo Multibyte Descriptions <= 0.0.6 - Cross-Site Request Forgery