Pods < 2.7.29 – Multiple Authenticated Stored Cross-Site Scripting (XSS) | Plugin Vulnerabilities

Description

The plugin is vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability in multiple parameters.

Proof of Concept

1. Go to /wp-admin/admin.php?page=pods
2. Edit one of the pods
3. Choose "Labels" menu
4. In "Label", "Singular Label", "Add New", or "All" input field, you can inject an XSS payload, Example: <img src=x onerror=alert(1)>
5. Save and XSS payload will be executed

Affects Plugins

Fixed in 2.7.29

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Muhammad Daffa

Submitter

Muhammad Daffa

Submitter website

https://daffa.tech

Submitter twitter

Verified

Yes

WPVDB ID

fe6995d7-a755-48dd-ade8-651907878e41

Timeline

Publicly Published

2021-08-06 (about 2 years ago)

Added

2021-08-06 (about 2 years ago)

Last Updated

2021-08-06 (about 2 years ago)

Other

Published

Title

Published

2016-02-29

Title

Forget About Shortcode Buttons <= 1.1.1 - XSS

Published

2023-11-07

Title

Q2W3 Post Order <= 1.2.8 - Reflected Cross-Site Scripting

Published

2023-06-26

Title

NEX-Forms < 8.4.4 - Authenticated Stored XSS

Published

2023-11-07

Title

Pinyin Slugs < 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2019-09-10

Title

SlickQuiz <= 1.3.7.1 - Unauthenticated Stored XSS