Vulnerabilities > Podsfoundation > Pods > 2.8.5

DATE CVE VULNERABILITY TITLE RISK
2025-03-23 CVE-2025-1446 SQL Injection vulnerability in Podsfoundation Pods
The Pods WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
network
low complexity
podsfoundation CWE-89
critical
 9.8
9.8
2024-11-05 CVE-2024-9883 Cross-site Scripting vulnerability in Podsfoundation Pods
The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
podsfoundation CWE-79
4.8
4.8
2023-05-03 CVE-2023-23790 Unspecified vulnerability in Podsfoundation Pods
Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions.
network
low complexity
podsfoundation
8.8
8.8