Cross-Site Request Forgery Vulnerabilities in Pods Plugin for WordPress
CVE-2014-7957

Currently unrated

Key Information:

Vendor: Wordpress
Status: Pods
Vendor: CVE Published:; 15 January 2015

Summary

The Pods plugin for WordPress has multiple vulnerabilities that allow remote attackers to exploit cross-site request forgery (CSRF) risks. Attackers can hijack the authentication of administrators to perform actions that include executing cross-site scripting (XSS) attacks, deleting pods, resetting settings, and manipulating roles and capabilities. The vulnerabilities can be triggered through specially crafted requests, impacting the integrity of the website and compromising its administrative functions.

References

http://www.securityfocus.com/bid/71996

vdb-entryx_refsource_BID

http://seclists.org/fulldisclosure/2015/Jan/26

mailing-listx_refsource_FULLDISC

https://wordpress.org/plugins/pods/changelog/

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 15, 2015
Vulnerability Reserved
Oct 7, 2014