CVE-2023-6999
Published: 09 April 2024
Summary
CVE-2023-6999 is a high-severity Command Injection (CWE-77) vulnerability in Podsfoundation Pods. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 21.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-59191
Vulnerability details
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to Remote Code Exxecution via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2). This makes it possible for authenticated…
more
attackers, with contributor level access or higher, to execute code on the server.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.