WordPress Plugin Vulnerabilities

GS Pins for Pinterest Lite < 1.8.1 - Missing Authorization via _update_shortcode

Description

The plugin is vulnerable to unauthorized modification of data due to a missing capability check and a misconfigured nonce check on the _update_shortcode function, allowing authenticated attackers, with subscriber access and above, to update the plugin's shortcodes.

Affects Plugins

Plugin icon
gs-pinterest-portfolio
Fixed in 1.8.1

References

URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3f81003b-8214-4fa3-960f-81b166623de9

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Verified
No
WPVDB ID
45ca5775-a5e6-44d8-97a8-e75238f702a5

Timeline

Publicly Published
2023-11-21 (about 2 years ago)
Added
2024-01-24 (about 2 years ago)
Last Updated
2024-01-24 (about 2 years ago)

Other

Published
Title
Published
2026-04-15
Title
Riaxe Product Customizer <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Options Update to Privilege Escalation via 'install-imprint' AJAX Action
Published
2025-04-24
Title
BM Content Builder < 3.16.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
Published
2025-04-04
Title
SurveyJS < 1.12.57 - Missing Authorization
Published
2025-11-28
Title
Show Variations as Single Products Woocommerce < 3.0 - Missing Authorization
Published
2023-12-26
Title
Essential Blocks for Gutenberg < 4.2.1 - Contributor+ Unauthorised Actions