Login Sign Up

CVE-2023-6999

8.8 HIGH
Remote Code Execution

📋 TL;DR

The Pods WordPress plugin has a remote code execution vulnerability in its shortcode handling. Authenticated attackers with contributor-level access or higher can execute arbitrary code on the server. This affects all versions up to 3.0.10 except specific patched versions.

💻 Affected Systems

Products:
  • Pods – Custom Content Types and Fields WordPress plugin
Versions: All versions up to and including 3.0.10, except 2.7.31.2, 2.8.23.2, 2.9.19.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user with contributor role or higher. WordPress multisite installations are also affected.

📦 What is this software?

Pods by Podsfoundation

View all CVEs affecting Pods →

Pods by Podsfoundation

View all CVEs affecting Pods →

Pods by Podsfoundation

View all CVEs affecting Pods →

Pods by Podsfoundation

View all CVEs affecting Pods →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise allowing data theft, malware deployment, and complete site takeover.

🟠

Likely Case

Unauthorized code execution leading to data manipulation, backdoor installation, or privilege escalation.

🟢

If Mitigated

Limited impact if proper access controls and monitoring are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.11, 2.9.19.2, 2.8.23.2, 2.7.31.2

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3039486%40pods%2Ftrunk&old=3039467%40pods%2Ftrunk

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Pods plugin and click 'Update Now'. 4. Verify update to version 3.0.11 or later.

🔧 Temporary Workarounds

Disable Pods plugin

all

Temporarily disable the vulnerable plugin until patched

wp plugin deactivate pods

Restrict user roles

all

Limit contributor and higher role assignments

🧯 If You Can't Patch

  • Implement strict access controls and limit contributor role assignments
  • Enable web application firewall with RCE protection rules

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Pods version. If version is 3.0.10 or earlier (except 2.7.31.2, 2.8.23.2, 2.9.19.2), you are vulnerable.

Check Version:

wp plugin list --name=pods --field=version

Verify Fix Applied:

Confirm Pods plugin version is 3.0.11, 2.9.19.2, 2.8.23.2, or 2.7.31.2 in WordPress admin.

📡 Detection & Monitoring

Log Indicators:

  • Unusual shortcode execution in WordPress logs
  • PHP execution attempts from user accounts
  • Suspicious file creation/modification

Network Indicators:

  • Unexpected outbound connections from web server
  • Command and control traffic patterns

SIEM Query:

source="wordpress" AND ("pods" OR "shortcode") AND ("exec" OR "system" OR "shell_exec")

📊 Metadata

CVE ID: CVE-2023-6999
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: April 9, 2024
Last Updated: January 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON