CVE-2021-24338

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

1.1%

top 21.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pods Framework Team Pods – Custom Content Types AND Fields Podsfoundation Pods

Timeline

PublishedJun 21

Latest updateMay 24

Description

The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Singular Label' field parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5pods_framework_team/pods_–_custom_content_types_and_fields2.4.4.1 — 2.4.4.1*+1

▶NVDpodsfoundation/pods< 2.7.27

🔴Vulnerability Details

GHSA

GHSA-32xh-g4cw-vcw5: The Pods â€“ Custom Content Types and Fields WordPress plugin before 2↗2022-05-24

▶

CVEList

Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS)↗2021-06-21

▶