4.3
CVE-2023-6965
- EPSS 0.22%
- Veröffentlicht 09.04.2024 19:15:13
- Zuletzt bearbeitet 22.01.2025 17:38:52
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginPods - Custom Content Types and Fields - Missing Authorization
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This is due to the fact that the plugin allows the use of a file inclusion feature via shortcode. This makes it possible for authenticated attackers, with contributor access or higher, to create pods and users (with default role).
Mögliche Gegenmaßnahme
Pods – Custom Content Types and Fields: Update to one of the following versions, or a newer patched version: 2.7.31.2, 2.8.23.2, 2.9.19.2, 3.0.10.2
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Pods – Custom Content Types and Fields
Version
[*, 2.7.31)
Version
[2.8, 2.8.23.2)
Version
[3, 3.0.10.2)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Podsfoundation ≫ Pods SwPlatformwordpress Version < 2.7.31.2
Podsfoundation ≫ Pods SwPlatformwordpress Version >= 2.8 < 2.8.23.2
Podsfoundation ≫ Pods SwPlatformwordpress Version >= 2.9 < 2.9.19.2
Podsfoundation ≫ Pods SwPlatformwordpress Version >= 3.0.0 < 3.0.10.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.447 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.