PT-2024-15170 · WordPress · The Pods – Custom Content Types/Fields

Nex Team · Published 2024-04-09 · Updated 2025-01-22 · CVE-2023-6999

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

The Pods – Custom Content Types and Fields plugin for WordPress versions prior to 3.0.11, excluding versions 2.7.31.2, 2.8.23.2, and 2.9.19.2

Description

The issue allows authenticated attackers with contributor level access or higher to execute code on the server via shortcode. This is a Remote Code Execution vulnerability.

Recommendations

For versions prior to 2.7.31.2, update to version 2.7.31.2 or higher. For versions prior to 2.8.23.2, update to version 2.8.23.2 or higher. For versions prior to 2.9.19.2, update to version 2.9.19.2 or higher. For versions 2.7.31.2, 2.8.23.2, and 2.9.19.2, and all versions up to 3.0.10, update to a version higher than 3.0.10. As a temporary workaround, consider restricting access to the shortcode feature until a patch is available.

Fix

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2023-6999

Affected Products

The Pods – Custom Content Types/Fields