CVE-2014-7956: XSS
First published: Thu Jan 15 2015(Updated: )
Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pods Foundation | <=2.4.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-7956?
CVE-2014-7956 is classified as a moderate severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2014-7956?
To fix CVE-2014-7956, update the Pods plugin to version 2.5 or later.
Who is affected by CVE-2014-7956?
CVE-2014-7956 affects users of the Pods plugin for WordPress versions prior to 2.5.
What type of vulnerability is CVE-2014-7956?
CVE-2014-7956 is a cross-site scripting (XSS) vulnerability allowing injection of arbitrary web scripts or HTML.
What can attackers do using CVE-2014-7956?
Attackers can exploit CVE-2014-7956 to inject malicious scripts into the web pages viewed by other users.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/podsfoundation
- canonical/pods foundation
- version/pods foundation/2.4.3