CVE-2021-4380

Name of the Vulnerable Software and Affected Versions Pinterest Automatic plugin for WordPress versions up to, and including, 1.14.3

Description The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the wp pinterest automatic parse request function and the process form.php script. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors.

Recommendations For versions up to, and including, 1.14.3, update to a version higher than 1.14.3 to resolve the issue. As a temporary workaround, consider disabling the wp pinterest automatic parse request function and restricting access to the process form.php script until a patch is available.