CVE-2023-6999 | Vulnerability Database | Aqua Security

The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated attackers, with contributor level access or higher, to execute code on the server.

Affected Software

Name	Vendor	Start Version	End Version
Pods	Podsfoundation	*	2.7.31.2 (excluding)
Pods	Podsfoundation	2.8 (including)	2.8.23.2 (excluding)
Pods	Podsfoundation	2.9 (including)	2.9.19.2 (excluding)
Pods	Podsfoundation	3.0.0 (including)	3.0.10.2 (excluding)

References

https://plugins.trac.wordpress.org/browser/pods/trunk/classes/PodsView.php#L750
https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3039486%40pods%2Ftrunk\u0026old=3039467%40pods%2Ftrunk\u0026sfp_email=\u0026sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/d9108d5f-7b8b-478d-ba9d-f895bdb7dbf2?source=cve
https://plugins.trac.wordpress.org/browser/pods/trunk/classes/PodsView.php#L750
https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3039486%40pods%2Ftrunk\u0026old=3039467%40pods%2Ftrunk\u0026sfp_email=\u0026sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/d9108d5f-7b8b-478d-ba9d-f895bdb7dbf2?source=cve

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-6999
CWE	https://cwe.mitre.org/data/definitions/.html