CVE-2022-36341 – WordPress AS – Create Pinterest Pinboard Pages plugin <= 1.0 - Authenticated plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2022-36341

Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni's AS – Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress. Un Cambio de configuración del plugin autenticado (suscriptor+) conllevando a una vulnerabilidad de tipo Cross-Site Scripting (XSS) Almacenado en el plugin AS - Create Pinterest Pinboard Pages de Akash soni versiones anteriores a 1.0 incluyéndola, en WordPress. The Create Pinterest Pinboard Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘as_edit_pins_page’ ajax action using the post_title parameter in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/as-create-pinterest-pinboard-pages/wordpress-as-create-pinterest-pinboard-pages-plugin-1-0-authenticated-plugin-settings-change-leading-to-stored-cross-site-scripting-xss-vulnerability https://wordpress.org/plugins/as-create-pinterest-pinboard-pages • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •