CVE-2021-4380

CRITICAL Year: 2021
CVSS v3 Score
9.8
Critical
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors.

Related Vulnerabilities

CVE-2004-2776

CRITICAL
CVSS:9.8(Critical)

go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.

NVD-CWE-Other2004

CVE-2005-2354

CRITICAL
CVSS:9.8(Critical)

Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues.

NVD-CWE-Other2005

CVE-2006-2827

CRITICAL
CVSS:9.8(Critical)

SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the...

NVD-CWE-Other2006

CVE-2006-4264

CRITICAL
CVSS:9.8(Critical)

Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_abso...

NVD-CWE-Other2006

CVE-2006-4428

CRITICAL
CVSS:9.8(Critical)

PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, sinc...

NVD-CWE-Other2006