CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

217 matches found

Pinterest by BestWebSoft < 1.0.5 - Cross-Site Scripting

The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues. id: CVE-2017-18517 info: name: Pinterest by BestWebSoft 1.0.5 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues...

6.1CVSS6.4AI score0.00059EPSS

Exploits1References4

Nuclei•added 17 hours ago•7 views

Pinterest Automatic < 4.14.4 - Unauthenticated Arbitrary Options Update

The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wppinterestautomaticparserequest' function and the 'processform.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to...

9.8CVSS7.3AI score0.8067EPSS

Exploits1References5

Patchstack•added 2026/04/08 7:51 a.m.•1 views

WordPress Pinterest Site Verification plugin using Meta Tag plugin <= 1.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'post_var' vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'postvar' vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Pinterest Site Verification plugin using Meta Tag versions = 1.8...

6.4CVSS5.9AI score0.00055EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/04/08 6:43 a.m.•0 views

CVE-2026-3142 Pinterest Site Verification plugin using Meta Tag <= 1.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'post_var'

The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postvar' parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS6.1AI score0.00055EPSS

Exploits0References8

Cvelist•added 2026/04/08 6:43 a.m.•16 views

CVE-2026-3142 Pinterest Site Verification plugin using Meta Tag <= 1.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'post_var'

6.4CVSS0.00055EPSS

Exploits0References8

CNNVD•added 2026/04/08 12:0 a.m.•3 views

WordPress plugin Pinterest Site Verification plugin using Meta Tag 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.8AI score0.00055EPSS

Exploits0References8

Positive Technologies•added 2026/04/08 12:0 a.m.•0 views

PT-2026-31092

Name of the Vulnerable Software and Affected Versions Pinterest Site Verification plugin using Meta Tag plugin for WordPress versions up to and including 1.8 Description The Pinterest Site Verification plugin using Meta Tag plugin for WordPress is susceptible to Stored Cross-Site Scripting throug...

6.4CVSS5.8AI score0.00055EPSS

Exploits0References11

Patchstack•added 2026/02/03 7:55 a.m.•4 views

WordPress WordPress Pinterest Plugin - Make a Popup, User Profile, Masonry and Gallery Layout plugin <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

WordPress WordPress Pinterest Plugin - Make a Popup, User Profile, Masonry and Gallery Layout plugin = 1.8.8 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Peter Thaleikis in WordPress Plugin GS Pins for Pinterest versions = 1.8.8...

6.4CVSS5.3AI score0.00233EPSS

Exploits0References1Affected Software1