Stored XSS Vulnerability in Pinterest Verify Meta Tag by Marvie Pons
CVE-2025-30941

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Pinterest Verify Meta Tag
Vendor: CVE Published:; 6 June 2025

What is CVE-2025-30941?

A vulnerability exists in the Pinterest Verify Meta Tag plugin by Marvie Pons, where improper handling of user input can lead to stored cross-site scripting (XSS). This security flaw allows attackers to inject malicious scripts into webpages, which can be executed within the context of a user's browser session. Affected versions range from n/a to 1.3, posing risks to websites utilizing this plugin without necessary precautions.

Affected Version(s)

Pinterest Verify Meta Tag <= 1.3

References

https://patchstack.com/database/wordpress/plugin/pinteres...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Nabil Irawan (Patchstack Alliance)