CVE-2021-4380
Published 2023-06-07
Priority P1 80 · critical 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 4.53% (90.4th percentile)
The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| valvepress | pinterest_automatic | <= 4.14.3 | — |
| valvepress | pinterest_automatic_pin | < 4.14.4 | 4.14.4 |
Detection & IOCs (extracted from sources)
- Detect unauthenticated POST requests to /?wp_pinterest_automatic=settings, which abuse the missing capability check on wp_pinterest_automatic_parse_request to update arbitrary WordPress options.
- A successful exploit returns HTTP 200 with an empty body (len(body)==0), followed by the modified option value being reflected on the site homepage.
- Monitor for unauthenticated requests to process_form.php in the Pinterest Automatic plugin, which also lacks capability checks and can be used to update arbitrary options.
- Watch for arbitrary WordPress option updates (e.g., blogdescription) via unauthenticated POST requests; this is a sign of privilege escalation or admin account creation attempts.
- Content-Type: application/x-www-form-urlencoded is used in the exploit POST request; correlate with the wp_pinterest_automatic query parameter to identify exploitation attempts.
- The vulnerability affects Pinterest Automatic plugin versions up to and including 1.14.3; ensure version detection is part of your asset inventory checks.
- Both the wp_pinterest_automatic_parse_request function and the process_form.php script are independently exploitable attack surfaces due to missing capability checks; both must be patched and monitored.
CVSS provenance
- NVD (CVSS v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- VulnCheck: 9.8 CRITICAL
GHSA
GHSA-mmhw-42fh-v6gr (ghsa_unreviewed · 2023-06-07): CVE-2021-4380 [CRITICAL] CWE-284, The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wp_pinterest_automatic_parse_request' function and the 'process_form.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to update arbitrary options on a site that can be used to create new administrative user accounts or redirect unsuspecting site visitors.
VulnCheck
Pinterest Automatic plugin for WordPress Authorization Bypass (vulncheck · 2021 · CVSS 9.8 · CVE-2021-4380 [CRITICAL])
Affected: valvepress pinterest_automatic_pin
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugi
No detection rules found.
Nuclei
Pinterest Automatic < 4.14.4 - Unauthenticated Arbitrary Options Update (nuclei · CVSS 9.8 · CVE-2021-4380 [CRITICAL])

Template fragment:

```yaml
          - 'Pinterest Automatic (.*?)'
        internal: true

  - raw:
      - |
        POST /?wp_pinterest_automatic=settings HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        blogdescription={{common-blog-description}}!

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'len(body)==0'
        condition: and
        internal: true

  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "{{common-blog-description}}!")'
        condition: and
# digest: 4b0a00483046022100ab9bfe1ca8a82fba4b5ed9ec1bdd080b34f98cc5a60172d7235152b8af5e52f5022100f5c094ceedacb8acc23ab6474f0da0cc8f4fb2dc251c0f9f071a8cfd50d2cc8e:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
References
- https://blog.nintechnet.com/critical-vulnerability-fixed-in-wordpress-pinterest-automatic-plugin/
- https://wpscan.com/vulnerability/ffd344fd-de2c-4f27-8932-41aa0a3c3d05
- https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-pinterest-automatic-pin-security-bypass-4-14-3/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e4fdc902-4cfe-4116-a294-9a0fcb2de346?source=cve