Every CVE whose affected-product data names Podsfoundation Pods, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2025-1446 — CVSS 9.8 (critical): The Pods WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to…
CVE-2023-6967 — CVSS 8.8 (high): The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and…
CVE-2023-6999 — CVSS 8.8 (high): The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up…
CVE-2023-23790 — CVSS 7.1 (high): Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions.
CVE-2024-11849 — CVSS 6.1 (medium): The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as…
CVE-2021-24338 — CVSS 5.4 (medium): The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting…
CVE-2021-24339 — CVSS 5.4 (medium): The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting…
CVE-2024-9883 — CVSS 4.8 (medium): The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as…
CVE-2023-6965 — CVSS 4.3 (medium): The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and…
CVE-2014-7956 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script…