WordPress Plugin Vulnerabilities
Pods < 2.7.29 - Multiple Authenticated Stored Cross-Site Scripting (XSS)
Description
The plugin is vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability in multiple parameters.
Proof of Concept
1. Go to /wp-admin/admin.php?page=pods 2. Edit one of the pods 3. Choose "Labels" menu 4. In "Label", "Singular Label", "Add New", or "All" input field, you can inject an XSS payload, Example: <img src=x onerror=alert(1)> 5. Save and XSS payload will be executed
Affects Plugins
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Muhammad Daffa
Submitter
Muhammad Daffa
Submitter website
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-08-06 (about 2 years ago)
Added
2021-08-06 (about 2 years ago)
Last Updated
2021-08-06 (about 2 years ago)