Description

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter.

Remediation

References

https://github.com/d4wner/Vulnerabilities-Report/blob/master/weblizar-pinterest-feeds.md

https://wpvulndb.com/vulnerabilities/9009

Related Vulnerabilities

CVE-2022-1291 Vulnerability in npm package tableexport.jquery.plugin

CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.jasny:bootstrap

CVE-2020-17519 Vulnerability in maven package org.apache.flink:flink-runtime_2.12

CVE-2021-32659 Vulnerability in npm package matrix-appservice-bridge

CVE-2020-16022 Vulnerability in npm package electron

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory VDB Entry