WordPress Pods Plugin <= 2.4 - XSS

2014-10-0700:00:00

Pietro Oliva

patchstack.com

EPSS

0.003

Percentile

69.1%

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the “id” parameter in the pods page to wp-admin/admin.php.

Solution

           Update the plugin.

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7956

EPSS

0.003

Percentile

69.1%

Related for PATCHSTACK:903628D10B62C3ECF9EBDDD013597113