Skip to main content

Pods CVE-2023-23790

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2023-05-03 audit@patchstack.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 03, 2023 - 10:15 nvd
HIGH 8.8

DescriptionNVD

Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods - Custom Content Types and Fields plugin <= 2.9.10.2 versions.

AnalysisAI

Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods - Custom Content Types and Fields plugin <= 2.9.10.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods - Custom Content Types and Fields plugin <= 2.9.10.2 versions. Affected products include: Podsfoundation Pods.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

More in Pods

View all
CVE-2014-7957 MEDIUM POC
6.8 Jan 15

Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods plugin before 2.5 for WordPress allow remote atta

CVE-2021-24339 MEDIUM POC
5.4 Jun 21

The Pods - Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cros

CVE-2021-24338 MEDIUM POC
5.4 Jun 21

The Pods - Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cros

CVE-2023-6999 HIGH
8.8 Apr 09

The Pods - Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in

CVE-2023-6967 HIGH
8.8 Apr 09

The Pods - Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all vers

CVE-2024-9883 MEDIUM POC
4.8 Nov 05

The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privi

CVE-2014-7956 MEDIUM POC
4.3 Jan 15

Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject a

CVE-2026-54191 HIGH
7.1 Jun 16

Unauthenticated reflected/stored cross-site scripting in the Pods WordPress plugin (versions 3.3.8 and earlier) allows r

CVE-2023-6965 MEDIUM
4.3 Apr 09

The Pods - Custom Content Types and Fields plugin for WordPress is vulnerable to Missing Authorization in all versions u

CVE-2025-1446 CRITICAL POC
9.8 Mar 23

The Pods WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, al

CVE-2024-11849 MEDIUM POC
6.1 Jan 06

The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privi

Share

CVE-2023-23790 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy