cleantalk
Vulnerabilities and Security Researches

Pods – Custom Content Types and Fields, CVE-2025-1446

CVE, Research URL

CVE-2025-1446

Home page URL

Security reports for Pods – Custom Content Types and Fields

Application

Pods – Custom Content Types and Fields

Published on
Mar 23, 2025
Research Description
The Pods WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
Affected versions
Min -, max 3.2.8.2.
Status
vulnerable
Previous vulnerability researches
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CVE-2024-13358) , May 07, 2025
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CVE-2022-4974) , Nov 15, 2024
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CVE-2025-1780) , Mar 02, 2025
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CVE-2024-35726) , Jun 11, 2024
BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages (CVE-2024-32603) , Jun 07, 2024
New vulnerability
Xavin's List Subpages (CVE-2025-4220) , May 08, 2025
CarDealerPress (CVE-2025-3860) , May 08, 2025
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2025-0671) , May 08, 2025