WordPress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities

Posted by Pietro Oliva on Jan 12

Vulnerability title: WordPress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities
Author: Pietro Oliva
CVE: CVE-2014-7956, CVE-2014-7957
Product: pods
Affected version: pods <= 2.4.3
Vulnerabilities fixed in version: 2.5

XSS vulnerability (CVE-2014-7956, authentication is needed):
http://localhost/wp-admin/admin.php?page=pods&action=edit&id=4&quot
