WordPress Plugin Vulnerabilities

Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Menu Label' field parameter.

It is recommended that the Pods WordPress plugin be updated to at least version 2.7.27, which fixes the vulnerability.

Affects Plugins

Plugin icon
pods
Fixed in 2.7.27

References

CVE
CVE-2021-24339
URL
https://github.com/pods-framework/pods/commit/56b90a398a93428d7d2490bc1a29e0ed2f97a9b2
URL
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-24339

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
WhiteSource
Verified
Yes
WPVDB ID
8e72236d-f620-4503-a324-dcf49405351b

Timeline

Publicly Published
2021-01-15 (about 4 years ago)
Added
2021-06-21 (about 4 years ago)
Last Updated
2021-06-25 (about 4 years ago)

Other

Published
Title
Published
2024-07-01
Title
WP QuickLaTeX < 3.8.8 - Admin+ Stored XSS
Published
2025-11-20
Title
Shortcodes Bootstrap <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-05-29
Title
Login Logout Register Menu <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode
Published
2022-10-24
Title
Traffic Manager <= 1.4.5 - Subscriber+ Stored Cross-Site Scripting
Published
2023-10-17
Title
Woo Custom Emails <= 2.2 - Reflected XSS