Overview
In Pods WordPress Plugin, versions 2.4.4.1 to 2.7.26 are vulnerable to Stored Cross-Site Scripting (XSS) due to user input not being validated properly in the `Singular Label` field parameter. An authenticated attacker could inject malicious code into the input field before rendering it in the web page.
Details
The WordPress `Pods - Custom Content Types and Fields` plugin can be abused by Stored Cross-Site Scripting vulnerability since the plugin performs improper validation of the input sent to the `Singular Label` field parameter value before rendering it in the web page. Due to this flaw, an authenticated attacker can cause Stored Cross-Site Scripting.
PoC Details
On a Wordpress application with `pods` plugin installed and activated, you will find a `pods admin` option in the left side menu bar. Click on this option, then click on `Add New` -> `Create New`. Select `Content Type` as `Custom Post Type` from the drop-down menu and place the given payload in `Singular Label` text field, and fill the remaining fields. Click on `Next Step` and the given payload gets executed and an alert box will appear. This payload will get executed when you open the pods page.
PoC Code
<script>alert(1234)</script>
Affected Environments
2.4.4.1-2.7.26
Prevention
Upgrade to 2.7.27
Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
What is a WS vulnerability ID? 
