Headline
CVE-2022-36341: WordPress AS – Create Pinterest Pinboard Pages plugin <= 1.0 - Authenticated plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni’s AS – Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress.
Verified
Not fixed
5.4
CVSS 3.1 score Medium severity
Monitoring Coming soon
Software
AS – Create Pinterest Pinboard Pages
Vulnerable versions
<= 1.0
PSID
a92dbce87906
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires subscriber or higher role user authentication.
Publicly disclosed
2022-08-10
Details
Authenticated plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence in WordPress AS – Create Pinterest Pinboard Pages plugin (versions <= 1.0).
Solution
No fix is available.
References