Filtered by vendor Valvepress
Subscriptions
Filtered by product Pinterest Automatic Pin
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-4380 | 1 Valvepress | 1 Pinterest Automatic Pin | 2024-08-03 | 9.8 Critical |
| The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors. | ||||
Page 1 of 1.