CVE-2014-7956
Severity
4.3MEDIUM
EPSS
0.2%
top 58.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 15
Latest updateMay 14
Description
Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php.
CVSS vector
AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9