ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Pinterest Feed plugin <=1.1.1 - Multiple Authenticated Cross-Site Scripting (XSS) vulnerabilities

Product
Pinterest Feed
Description
Multiple Authenticated Cross-Site Scripting (XSS) vulnerabilities found by d4wner in WordPress Pinterest Feed plugin (versions <=1.1.1).
Solution
Update the WordPress Pinterest Feed plugin to the latest available version (at least 1.1.2).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2018-5653, 2018-5654, 2018-5655
Versions
Affected In <=1.1.1
Fixed In 1.1.2
Disclosure date
2018-01-22
Credits
d4wner
Submitter
ThreatPress