cleantalk
Vulnerabilities and Security Researches

Pods – Custom Content Types and Fields, CVE-2023-6999

CVE, Research URL

CVE-2023-6999

Home page URL

Security reports for Pods – Custom Content Types and Fields

Application

Pods – Custom Content Types and Fields

Published on
Apr 10, 2024
Research Description
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access or higher, to execute code on the server.
Affected versions
Min -, max 3.1.
Status
vulnerable
Previous vulnerability researches
Panda Pods Repeater Field (CVE-2022-4306) , Jun 06, 2024
Pods – Custom Content Types and Fields (CVE-2024-11849) , Jan 07, 2025
Pods – Custom Content Types and Fields (CVE-2025-1446) , May 08, 2025
Pods – Custom Content Types and Fields (CVE-2014-7956) , Jun 07, 2024
Pods – Custom Content Types and Fields (CVE-2023-6999) , Jun 07, 2024
New vulnerability
PW WooCommerce Bulk Edit (CVE-2025-47473) , May 08, 2025
Xavin's List Subpages (CVE-2025-4220) , May 08, 2025
CarDealerPress (CVE-2025-3860) , May 08, 2025
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025