🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Pods – Custom Content Types and Fields

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Pods – Custom Content Types and Fields

Information

Software Type	Plugin
Software Slug	pods (view on wordpress.org)
Software Status	Active
Software Author	sc0ttkclark
Software Website	pods.io
Software Downloads	4,072,518
Software Active Installs	100,000
Software Record Last Updated	May 3, 2024

10 Vulnerabilities

Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode

8.8

CVE-2023-6967

Mar 28, 2024

Researcher: Nex Team

Pods - Custom Content Types and Fields - Missing Authorization

4.3

CVE-2023-6965

Mar 28, 2024

Researcher: Nex Team

Pods - Custom Content Types and Fields - Authenticated (Contributor+) Remote Code Execution

8.8

CVE-2023-6999

Mar 28, 2024

Researcher: Nex Team

Pods <= 2.9.10.2 - Cross-Site Request Forgery

7.1

CVE-2023-23790

Jan 20, 2023

Researcher: Rafshanzani Suhada

Pods – Custom Content Types and Fields <= 2.7.28 - Authenticated (Admin+) Cross-Site Scripting

5.5

CVE ID Unknown

Aug 6, 2021

Researcher: Muhammad Daffa

Pods 2.4.4.1 - 2.7.26 - Authenticated Stored Cross-Site Scripting

5.4

CVE-2021-24338

Jan 15, 2021

Researcher: WhiteSource

Pods <= 2.7.26 - Authenticated Stored Cross-Site Scripting via Menu Label field

5.4

CVE-2021-24339

Jan 15, 2021

Researcher: WhiteSource

Pods – Custom Content Types and Fields < 2.5.1.2 - SQL Injection

9.8

CVE ID Unknown

Mar 16, 2015

Researcher: Scott Kingsley Clark

Pods <= 2.4.3 - Cross-Site Scripting

6.1

CVE-2014-7956

Jan 12, 2015

Researcher: Pietro Oliva

Pods <= 2.4.3 - Multiple Cross-Site Request Forgery

9.6

CVE-2014-7957

Jan 12, 2015

Researcher: Pietro Oliva

Title	CVE ID	CVSS	Researchers	Date
Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode	CVE-2023-6967	8.8	Nex Team	March 28, 2024
Pods - Custom Content Types and Fields - Missing Authorization	CVE-2023-6965	4.3	Nex Team	March 28, 2024
Pods - Custom Content Types and Fields - Authenticated (Contributor+) Remote Code Execution	CVE-2023-6999	8.8	Nex Team	March 28, 2024
Pods <= 2.9.10.2 - Cross-Site Request Forgery	CVE-2023-23790	7.1	Rafshanzani Suhada	January 20, 2023
Pods – Custom Content Types and Fields <= 2.7.28 - Authenticated (Admin+) Cross-Site Scripting		5.5	Muhammad Daffa	August 6, 2021
Pods 2.4.4.1 - 2.7.26 - Authenticated Stored Cross-Site Scripting	CVE-2021-24338	5.4	WhiteSource	January 15, 2021
Pods <= 2.7.26 - Authenticated Stored Cross-Site Scripting via Menu Label field	CVE-2021-24339	5.4	WhiteSource	January 15, 2021
Pods – Custom Content Types and Fields < 2.5.1.2 - SQL Injection		9.8	Scott Kingsley Clark	March 16, 2015
Pods <= 2.4.3 - Cross-Site Scripting	CVE-2014-7956	6.1	Pietro Oliva	January 12, 2015
Pods <= 2.4.3 - Multiple Cross-Site Request Forgery	CVE-2014-7957	9.6	Pietro Oliva	January 12, 2015

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation