Pinterest Feed <= 1.1.1 – Authenticated XSS & CSRF | CVE 2018-5653

Affects Plugins

weblizar-pinterest-feeds

Fixed in 1.1.2

References

CVE

CVE-2018-5653

CVE

CVE-2018-5654

CVE

CVE-2018-5655

CVE

CVE-2018-5656

URL

https://github.com/d4wner/Vulnerabilities-Report/blob/master/weblizar-pinterest-feeds.md

URL

https://plugins.trac.wordpress.org/changeset/1802261/weblizar-pinterest-feeds

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

8.8 (high)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

7cedab32-90b5-4ee0-a072-8c087da1bfb1

Timeline

Publicly Published

2018-01-12 (about 8 years ago)

Added

2018-01-22 (about 8 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2021-10-18

Title

Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting

Published

2026-02-13

Title

Livemesh Addons for Elementor <= 9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2026-04-17

Title

Content Blocks (Custom Post Widget) < 3.4.1 - Authenticated (Author+) Stored Cross-Site Scripting via content_block Shortcode

Published

2024-04-02

Title

Jeg Elementor Kit < 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Box

Published

2023-06-30

Title

WPFactory Helper < 1.5.3 - Reflected Cross-Site Scripting