{"id":"CVE-2025-1446","details":"The Pods  WordPress plugin before 3.2.8.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks","modified":"2026-04-10T05:21:30.541416Z","published":"2025-03-23T06:15:12.110Z","references":[{"type":"EVIDENCE","url":"https://wpscan.com/vulnerability/c170fb45-7ed5-40ef-99f6-8da035a23d89/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pods-framework/pods","events":[{"introduced":"0"},{"fixed":"69d701170803792ac841e07827b7c5e1aba1433b"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.2.8.2"}]}}],"versions":["1.0.0","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.10","1.10.1","1.10.2","1.10.3","1.10.4","1.10.5","1.10.6","1.10.7","1.11.0","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.2.9","1.3.0","1.3.1","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.4.0","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.4.8","1.4.9","1.5.0","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6","1.5.7","1.5.8","1.5.9","1.6.0","1.6.1","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.7.0","1.7.1","1.7.2","1.7.3","1.7.4","1.7.5","1.7.6","1.7.7","1.7.8","1.7.9","1.8.0","1.8.1","1.8.2","1.8.3","1.8.4","1.8.5","1.8.6","1.8.7","1.8.8","1.8.9","1.9.0","1.9.1","1.9.2","1.9.2.1","1.9.2.2","1.9.3","1.9.3.1","1.9.4","1.9.5","1.9.5.1","1.9.6","1.9.6.1","1.9.6.2","1.9.6.3","1.9.7","1.9.7.1","1.9.7.2","1.9.7.3","1.9.7.4","1.9.8","2.0.0","2.0.1","2.0.2","2.0.3","2.0.3.1","2.0.4","2.0.4.1","2.0.5","2.1.0","2.2.0","2.3.0","2.3.1","2.3.10","2.3.11","2.3.12","2.3.14","2.3.15","2.3.16","2.3.17","2.3.18","2.3.2","2.3.3","2.3.3.1","2.3.4","2.3.5","2.3.5.1","2.3.6","2.3.7","2.3.8","2.3.9","2.4.0","2.4.1","2.4.2","2.4.3","2.5.0","2.5.1","2.5.1.1","2.5.1.2","2.5.2","2.5.3","2.5.4","2.5.5","2.6.1","2.6.10","2.6.11","2.6.2","2.6.3","2.6.3.1","2.6.4","2.6.5","2.6.5.1","2.6.5.2","2.6.6","2.6.7","2.6.8","2.7.0","2.7.1","2.7.10","2.7.11","2.7.12","2.7.13","2.7.14","2.7.15","2.7.16.1","2.7.16.2","2.7.17","2.7.17.1","2.7.18","2.7.2","2.7.2.1","2.7.20","2.7.20.1","2.7.21","2.7.22","2.7.23","2.7.24","2.7.25","2.7.26","2.7.27","2.7.28","2.7.29","2.7.3","2.7.30","2.7.31","2.7.4","2.7.5","2.7.6","2.7.7","2.7.8","2.7.9","2.8.0","2.8.1","2.8.10","2.8.11","2.8.12","2.8.13","2.8.14","2.8.15","2.8.16","2.8.17","2.8.18","2.8.19","2.8.2","2.8.20","2.8.21","2.8.22","2.8.23","2.8.3","2.8.4","2.8.4.1","2.8.5","2.8.6","2.8.7","2.8.8","2.8.8.1","2.8.9","2.9.0","2.9.1","2.9.10","2.9.10.1","2.9.10.2","2.9.11","2.9.11.1","2.9.12","2.9.12.1","2.9.12.2","2.9.13","2.9.14","2.9.15","2.9.16","2.9.17","2.9.18","2.9.19","2.9.2","2.9.3","2.9.4","2.9.5","2.9.6","2.9.7","2.9.8","2.9.9","3.0.0","3.0.1","3.0.10","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.0.9","3.1.0","3.1.1","3.1.2","3.1.3","3.1.4","3.2.0","3.2.1","3.2.1.1","3.2.2","3.2.4","3.2.5","3.2.6","3.2.7","3.2.7.1","3.2.8","3.2.8.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1446.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}