WordPress Plugin Vulnerabilities

Pinterest Automatic < 4.14.4 - Unauthenticated Arbitrary Options Update

Description

The plugin was vulnerable to Unauthenticated Arbitrary Options Update.

Affects Plugins

Plugin icon
wp-pinterest-automatic
Fixed in 4.14.4

References

CVE
CVE-2021-4380
URL
https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-pinterest-automatic-plugin/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
NinTechNet
Verified
No
WPVDB ID
ffd344fd-de2c-4f27-8932-41aa0a3c3d05

Timeline

Publicly Published
2021-09-06 (about 2 years ago)
Added
2021-09-06 (about 2 years ago)
Last Updated
2023-06-08 (about 10 months ago)

Other

Published
Title
Published
2021-08-18
Title
Visual Link Preview < 2.2.3 - Unauthorised AJAX Calls
Published
2021-07-12
Title
Frontend File Manager < 18.3 - Privilege Escalation
Published
2021-06-30
Title
SEO Wizard <= 4.0.2 - Unauthorised AJAX Calls
Published
2024-02-16
Title
WP Maintenance < 6.1.7 - Information Exposure
Published
2020-08-21
Title
Contact Form - Form builder by Kali Forms < 2.1.2 - Authenticated Plugin's Settings Change