Title: Sorry
Last modified: August 22, 2016

---

# Sorry

 *  Resolved [mythusmage](https://wordpress.org/support/users/mythusmage/)
 * (@mythusmage)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/sorry-13/)
 * But until the XSS vulnerability is dealt with I can not use the plugin.
 * [https://wordpress.org/plugins/pods/](https://wordpress.org/plugins/pods/)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Contributor [Josh Pollock](https://wordpress.org/support/users/shelob9/)
 * (@shelob9)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/sorry-13/#post-5806263)
 * As you are probably aware, there was [a published report](http://packetstormsecurity.com/files/129890/WordPress-Pods-2.4.3-CSRF-Cross-Site-Scripting.html)
   of a possible XSS exploit in Pods. This issue was technically true, but posed
   no real practical danger, as you had to be logged in as an administrative user
   to carry them out.
 * For example, when logged in as admin user, you were able to use an XSS exploit
   to delete Pods data. When logged in as an admin user you can also go to Pods 
   Admin->Settings and from the reset data tab click the blue button to delete all
   of your data.
 * Any issues contained in that report that were noted are fixed that we could reproduce.
   Specifically the XSS issue with URL escaping output for valid IDs in the query
   args was fixed because even though it is a minor issue, we do think it is best
   to ensure that gets cleaned up.
 *  then please send it privately to [contact@pods.io](https://wordpress.org/support/topic/sorry-13/contact@pods.io?output_format=md)
   and/ or [security@wordpress.org](https://wordpress.org/support/topic/sorry-13/security@wordpress.org?output_format=md)
   and we will address it.
 *  Thread Starter [mythusmage](https://wordpress.org/support/users/mythusmage/)
 * (@mythusmage)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/sorry-13/#post-5806366)
 * So, it is safe. Guess I give it a try.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Sorry’ is closed to new replies.

 * ![](https://ps.w.org/pods/assets/icon.svg?rev=3286397)
 * [Pods - Custom Content Types and Fields](https://wordpress.org/plugins/pods/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/pods/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/pods/)
 * [Active Topics](https://wordpress.org/support/plugin/pods/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/pods/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/pods/reviews/)

## Tags

 * [xss](https://wordpress.org/support/topic-tag/xss/)

 * 2 replies
 * 2 participants
 * Last reply from: [mythusmage](https://wordpress.org/support/users/mythusmage/)
 * Last activity: [11 years, 4 months ago](https://wordpress.org/support/topic/sorry-13/#post-5806366)
 * Status: resolved