Themes Vulnerabilities

Pinfinity Theme < 2.0 - Reflected Cross-site Scripting (XSS)

Description

The pinfinity WordPress theme was affected by a Reflected Cross-site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Themes

pinfinity
Fixed in 2.0

References

CVE
CVE-2017-18599
URL
https://www.cssigniter.com/themes/pinfinity/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
Othmane Tamagart
Submitter website
http://www.secomunity.com
Submitter twitter
@0thm4n_whitehat
Verified
Yes
WPVDB ID
e63dcd3c-b1e6-4cba-b03c-42b3e379e5c5

Timeline

Publicly Published
2017-09-12 (about 8 years ago)
Added
2017-09-12 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-08-29
Title
Cookie Notice & Consent < 1.6.5 - Unauthenticated Stored Cross-Site Scripting
Published
2026-01-08
Title
Debt.com Business in a Box <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
Published
2025-09-22
Title
Easy Hotel Booking <= 1.8.8 - Contributor+ Stored XSS
Published
2025-10-24
Title
Open Source Genesis Framework < 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes
Published
2025-09-05
Title
Easy Download Media Counter <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting