PatchSiren cyber security CVE debrief
CVE-2026-54191 Pods Framework CVE debrief
CVE-2026-54191 is a Unauthenticated Cross Site Scripting (XSS) vulnerability affecting Pods versions up to 3.3.8. The vulnerability has a CVSS score of 7.1 and is classified as HIGH severity. The CVE was published and modified on 2026-06-16T10:16:28.483Z.
- Vendor
- Pods Framework
- Product
- Pods
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-16
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-16
- Advisory updated
- 2026-06-16
Who should care
Users of Pods plugin version up to 3.3.8 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by an unauthenticated Cross Site Scripting (XSS) issue in Pods plugin version up to 3.3.8. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.
Defensive priority
HIGH
Recommended defensive actions
- Update Pods plugin to a version higher than 3.3.8.
- Refer to [ref-4](https://patchstack.com/database/wordpress/plugin/pods/vulnerability/wordpress-pods-plugin-3-3-8-cross-site-scripting-xss-vulnerability?_s_id=cve) for mitigation or vendor reference.
Evidence notes
The vendor information is currently unknown and marked as 'Unknown Vendor'.
Official resources
-
CVE-2026-54191 CVE record
CVE.org
-
CVE-2026-54191 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-54191 was published and modified on 2026-06-16T10:16:28.483Z.