WordPress Plugin Vulnerabilities

Pods < 2.5 - Authenticated XSS & CSRF

Description

The Pods – Custom Content Types and Fields WordPress plugin was affected by an Authenticated XSS & CSRF security vulnerability.

Affects Plugins

Plugin icon
pods
Fixed in 2.5

References

CVE
CVE-2014-7957
CVE
CVE-2014-7956
URL
https://packetstormsecurity.com/files/#129890/
URL
https://seclists.org/fulldisclosure/2015/Jan/26

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
82622dd1-7e20-423a-b9ec-b8398b3b7cab

Timeline

Publicly Published
2015-01-12 (about 11 years ago)
Added
2015-01-12 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2014-09-21
Title
Login Widget With Shortcode 3.1.1 - CSRF/XSS
Published
2016-04-05
Title
WP Customer Reviews < 3.0.9 - CSRF & XSS
Published
2016-10-18
Title
InPost Gallery <= 2.1.2 - LFI & Authenticated Stored XSS
Published
2019-07-08
Title
WP Custom Body Class <= 0.7.0 - CSRF to Stored XSS and Settings Update
Published
2015-07-11
Title
CP Contact Form with Paypal <= 1.1.5 - Multiple Vulnerabilities