CVE-2024-11849

Medium CVSS: 6.1

The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Vendor

Podsfoundation

Product

Pods

CWE

CWE-79

Yayın Tarihi

2025-01-06 06:15:06

Güncelleme

2025-05-14 14:19:59

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-79 Pods MEDIUM Podsfoundation 2025

Referanslar

https://wpscan.com/vulnerability/85b25a5b-c30b-4a2a-96c1-f05b4eba8a9b/