CVE-2024-9883

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-9883

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9883.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-9883

Published

2024-11-05T06:15:06Z

Modified

2024-11-08T23:48:06.963132Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

References

https://wpscan.com/vulnerability/ea4b277e-ef47-4e38-bd82-c5a54a95372f/

Affected packages

Git / github.com/pods-framework/pods

Affected ranges

Type: GIT
Repo: https://github.com/pods-framework/pods
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

26fc546d4e9c0142bd3f16f1eda346f5c26d8c77

Affected versions

1.*

1.0.0

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.10

1.10.1

1.10.2

1.10.3

1.10.4

1.10.5

1.10.6

1.10.7

1.11.0

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.2.9

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

1.5.7

1.5.8

1.5.9

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

1.7.8

1.7.9

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.8.8

1.8.9

1.9.0

1.9.1

1.9.2

1.9.2.1

1.9.2.2

1.9.3

1.9.3.1

1.9.4

1.9.5

1.9.5.1

1.9.6

1.9.6.1

1.9.6.2

1.9.6.3

1.9.7

1.9.7.1

1.9.7.2

1.9.7.3

1.9.7.4

1.9.8

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.3.1

2.0.4

2.0.4.1

2.0.5

2.1.0

2.2.0

2.3.0

2.3.1

2.3.10

2.3.11

2.3.12

2.3.14

2.3.15

2.3.16

2.3.17

2.3.18

2.3.2

2.3.3

2.3.3.1

2.3.4

2.3.5

2.3.5.1

2.3.6

2.3.7

2.3.8

2.3.9

2.4.0

2.4.1

2.4.2

2.4.3

2.5.0

2.5.1

2.5.1.1

2.5.1.2

2.5.2

2.5.3

2.5.4

2.5.5

2.6.0

2.6.1

2.6.10

2.6.11

2.6.11.1

2.6.11.2

2.6.2

2.6.3

2.6.3.1

2.6.4

2.6.5

2.6.5.1

2.6.5.2

2.6.6

2.6.7

2.6.8

2.7.0

2.7.1

2.7.10

2.7.11

2.7.12

2.7.13

2.7.14

2.7.15

2.7.16

2.7.16.1

2.7.16.2

2.7.17

2.7.17.1

2.7.18

2.7.2

2.7.2.1

2.7.20

2.7.20.1

2.7.21

2.7.22

2.7.23

2.7.24

2.7.25

2.7.26

2.7.27

2.7.28

2.7.29

2.7.3

2.7.30

2.7.31

2.7.4

2.7.5

2.7.6

2.7.7

2.7.8

2.7.9

2.8.0

2.8.1

2.8.10

2.8.11

2.8.12

2.8.13

2.8.14

2.8.15

2.8.16

2.8.17

2.8.18

2.8.19

2.8.2

2.8.20

2.8.21

2.8.22

2.8.22.1

2.8.23

2.8.3

2.8.4

2.8.4.1

2.8.5

2.8.6

2.8.7

2.8.8

2.8.8.1

2.8.9

2.9.0

2.9.1

2.9.10

2.9.10.1

2.9.10.2

2.9.11

2.9.11.1

2.9.12

2.9.12.1

2.9.12.2

2.9.13

2.9.14

2.9.15

2.9.16

2.9.17

2.9.18

2.9.19

2.9.2

2.9.3

2.9.4

2.9.5

2.9.6

2.9.7

2.9.8

2.9.9

3.*

3.0-beta-1

3.0.0

3.0.1

3.0.10

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.2.0

3.2.1

3.2.1.1

3.2.2

3.2.4

3.2.5

3.2.6

3.2.7