8.8
CVE-2023-6999
- EPSS 1.16%
- Veröffentlicht 09.04.2024 19:15:13
- Zuletzt bearbeitet 22.01.2025 17:34:19
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginPods - Custom Content Types and Fields - Authenticated (Contributor+) Remote Code Execution
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access or higher, to execute code on the server.
Mögliche Gegenmaßnahme
Pods – Custom Content Types and Fields: Update to one of the following versions, or a newer patched version: 2.7.31.2, 2.8.23.2, 2.9.19.2, 3.0.10.2
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Pods – Custom Content Types and Fields
Version
[*, 2.7.31)
Version
[2.8, 2.8.23.2)
Version
[3, 3.0.10.2)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Podsfoundation ≫ Pods SwPlatformwordpress Version < 2.7.31.2
Podsfoundation ≫ Pods SwPlatformwordpress Version >= 2.8 < 2.8.23.2
Podsfoundation ≫ Pods SwPlatformwordpress Version >= 2.9 < 2.9.19.2
Podsfoundation ≫ Pods SwPlatformwordpress Version >= 3.0.0 < 3.0.10.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.16% | 0.78 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|