🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Pods – Custom Content Types and Fields

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Pods – Custom Content Types and Fields

Information

Software Type	Plugin
Software Slug	pods (view on wordpress.org)
Software Status	Active
Software Author	sc0ttkclark
Software Website	pods.io
Software Downloads	4,310,625
Software Active Installs	100,000
Software Record Last Updated	July 26, 2024

12 Vulnerabilities

Several WordPress.org Plugins <= Various Versions - Injected Backdoor

10.0

CVE-2024-6297

Jun 24, 2024

Researchers:

Pods – Custom Content Types and Fields <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL

5.4

CVE-2024-3956

May 9, 2024

Researcher: wesley (wcraft)

Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode

8.8

CVE-2023-6967

Mar 28, 2024

Researcher: Nex Team

Pods - Custom Content Types and Fields - Missing Authorization

4.3

CVE-2023-6965

Mar 28, 2024

Researcher: Nex Team

Pods - Custom Content Types and Fields - Authenticated (Contributor+) Remote Code Execution

8.8

CVE-2023-6999

Mar 28, 2024

Researcher: Nex Team

Pods <= 2.9.10.2 - Cross-Site Request Forgery

7.1

CVE-2023-23790

Jan 20, 2023

Researcher: Rafshanzani Suhada

Pods – Custom Content Types and Fields <= 2.7.28 - Authenticated (Admin+) Cross-Site Scripting

5.5

CVE ID Unknown

Aug 6, 2021

Researcher: Muhammad Daffa

Pods 2.4.4.1 - 2.7.26 - Authenticated Stored Cross-Site Scripting

5.4

CVE-2021-24338

Jan 15, 2021

Researcher: WhiteSource

Pods <= 2.7.26 - Authenticated Stored Cross-Site Scripting via Menu Label field

5.4

CVE-2021-24339

Jan 15, 2021

Researcher: WhiteSource

Pods – Custom Content Types and Fields < 2.5.1.2 - SQL Injection

9.8

CVE ID Unknown

Mar 16, 2015

Researcher: Scott Kingsley Clark

Pods <= 2.4.3 - Cross-Site Scripting

6.1

CVE-2014-7956

Jan 12, 2015

Researcher: Pietro Oliva

Pods <= 2.4.3 - Multiple Cross-Site Request Forgery

9.6

CVE-2014-7957

Jan 12, 2015

Researcher: Pietro Oliva

Title	Status	CVE ID	CVSS	Researchers	Date
Several WordPress.org Plugins <= Various Versions - Injected Backdoor	Patched	CVE-2024-6297	10.0		June 24, 2024
Pods – Custom Content Types and Fields <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pod Form Redirect URL	Patched	CVE-2024-3956	5.4	wesley (wcraft)	May 9, 2024
Pods - Custom Content Types and Fields - Authenticated (Contributor+) SQL Injection via Shortcode	Patched	CVE-2023-6967	8.8	Nex Team	March 28, 2024
Pods - Custom Content Types and Fields - Missing Authorization	Patched	CVE-2023-6965	4.3	Nex Team	March 28, 2024
Pods - Custom Content Types and Fields - Authenticated (Contributor+) Remote Code Execution	Patched	CVE-2023-6999	8.8	Nex Team	March 28, 2024
Pods <= 2.9.10.2 - Cross-Site Request Forgery	Patched	CVE-2023-23790	7.1	Rafshanzani Suhada	January 20, 2023
Pods – Custom Content Types and Fields <= 2.7.28 - Authenticated (Admin+) Cross-Site Scripting	Patched		5.5	Muhammad Daffa	August 6, 2021
Pods 2.4.4.1 - 2.7.26 - Authenticated Stored Cross-Site Scripting	Patched	CVE-2021-24338	5.4	WhiteSource	January 15, 2021
Pods <= 2.7.26 - Authenticated Stored Cross-Site Scripting via Menu Label field	Patched	CVE-2021-24339	5.4	WhiteSource	January 15, 2021
Pods – Custom Content Types and Fields < 2.5.1.2 - SQL Injection	Patched		9.8	Scott Kingsley Clark	March 16, 2015
Pods <= 2.4.3 - Cross-Site Scripting	Patched	CVE-2014-7956	6.1	Pietro Oliva	January 12, 2015
Pods <= 2.4.3 - Multiple Cross-Site Request Forgery	Patched	CVE-2014-7957	9.6	Pietro Oliva	January 12, 2015

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation