Exploit for Pods < 2.7.29 - Multiple Authenticated Stored Cross-Site Scripting (XSS)

Name: Exploit for Pods < 2.7.29 - Multiple Authenticated Stored Cross-Site Scripting (XSS)
Rating: 5 (297 reviews)

2021-08-06 | CVSS 0.5

## https://sploitus.com/exploit?id=WPEX-ID:FE6995D7-A755-48DD-ADE8-651907878E41
1. Go to /wp-admin/admin.php?page=pods
2. Edit one of the pods
3. Choose "Labels" menu
4. In "Label", "Singular Label", "Add New", or "All" input field, you can inject an XSS payload, Example: <img src=x onerror=alert(1)>
5. Save and XSS payload will be executed