Pods Vulnerability – Custom Content Types and Fields – Authenticated (Contributor+) SQL Injection via Shortcode – CVE-2023-6967 | WordPress Plugin Vulnerability Report
Plugin Name: Pods – Custom Content Types and Fields
Key Information:
- Software Type: Plugin
- Software Slug: pods
- Software Status: Active
- Software Author: sc0ttkclark
- Software Downloads: 4,033,656
- Active Installs: 100,000
- Last Updated: April 1, 2024
- Patched Versions: 2.7.31.2, 2.8.23.2, 2.9.19.2, 3.0.10.2
- Affected Versions: < 2.7.31, 3 - 3.0.10, 2.8 - 2.8.23
Vulnerability Details:
- Name: Pods - Custom Content Types and Fields
- Title: Authenticated (Contributor+) SQL Injection via Shortcode
- Type: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CVE: CVE-2023-6967
- CVSS Score: 8.8
- Publicly Published: March 28, 2024
- Researcher: Nex Team
- Description: The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to an SQL Injection attack through the use of shortcodes in all versions up to and including 3.0.10, with the exception of the patched versions. The vulnerability arises due to inadequate escaping of user-supplied parameters and insufficient preparation of SQL queries. This flaw enables authenticated users with contributor-level access or higher to inject additional SQL queries into existing ones, potentially leading to the unauthorized extraction of sensitive database information.
Summary:
The Pods – Custom Content Types and Fields plugin, integral to the functionality of over 100,000 WordPress sites, has been identified to contain a critical SQL Injection vulnerability in versions up to and including 3.0.10, with specified exceptions. This vulnerability has been meticulously addressed in the latest patched versions.
Detailed Overview:
Discovered by the diligent efforts of the Nex Team, this vulnerability presents a significant risk, particularly in its potential to compromise database integrity and confidentiality. SQL Injection vulnerabilities like this can lead to unauthorized data access, database manipulation, and in severe cases, complete site compromise. It is essential for users of the affected versions to promptly update to the secure versions to mitigate this risk.
Advice for Users:
- Immediate Action: It is imperative for users of the Pods plugin to update immediately to one of the secure versions: 2.7.31.2, 2.8.23.2, 2.9.19.2, or 3.0.10.2.
- Check for Signs of Vulnerability: Admins should review their site's database logs for any unusual activity and inspect content for unauthorized changes that could indicate exploitation.
- Alternate Plugins: Users concerned about recurring vulnerabilities may consider exploring alternatives that offer similar functionalities as a precautionary measure.
- Stay Updated: Maintaining the latest versions of all WordPress plugins is crucial in safeguarding against known vulnerabilities. Regular updates are a cornerstone of web security.
Conclusion:
The swift resolution of the SQL Injection vulnerability within the Pods plugin underscores the critical nature of ongoing software maintenance and the vigilance required in the digital domain. Users are strongly advised to ensure their installations are updated to the patched versions to protect against potential exploits.
References:
- Wordfence Vulnerability Report for Pods – Custom Content Types and Fields
- Wordfence Vulnerabilities for Pods