cleantalk
Vulnerabilities and Security Researches

Pods – Custom Content Types and Fields, CVE-2014-7956

CVE, Research URL

CVE-2014-7956

Home page URL

Security reports for Pods – Custom Content Types and Fields

Application

Pods – Custom Content Types and Fields

Published on
Jan 15, 2015
Research Description
Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php.
Affected versions
Min -, max 2.5.1.2.
Status
vulnerable
Previous vulnerability researches
Panda Pods Repeater Field (CVE-2022-4306) , Jun 06, 2024
Pods – Custom Content Types and Fields (CVE-2024-11849) , Jan 07, 2025
Pods – Custom Content Types and Fields (CVE-2025-1446) , May 08, 2025
Pods – Custom Content Types and Fields (CVE-2014-7956) , Jun 07, 2024
Pods – Custom Content Types and Fields (CVE-2023-6999) , Jun 07, 2024
New vulnerability
PW WooCommerce Bulk Edit (CVE-2025-47473) , May 08, 2025
Xavin's List Subpages (CVE-2025-4220) , May 08, 2025
CarDealerPress (CVE-2025-3860) , May 08, 2025
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025