ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Pinterest Feed plugin <=1.1.1 - Cross-Site Request Forgery (CSRF) vulnerability

Product
Pinterest Feed
Description
Cross-Site Request Forgery (CSRF) vulnerability found by d4wner in WordPress Pinterest Feed plugin (versions <=1.1.1).
Solution
Update the WordPress Pinterest Feed plugin to the latest available version (at least 1.1.2).
Classification
Type Cross Site Request Forgery (CSRF)
OWASP Top 10 A8: Cross Site Request Forgery (CSRF)
References
Plugin changelog
CVE
Name CVE-2018-5656
Versions
Affected In <=1.1.1
Fixed In 1.1.2
Disclosure date
2018-01-22
Credits
d4wner
Submitter
ThreatPress