exploitDog

CVE-2024-0779

Опубликовано: 18 мар. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example

Ссылки

https://wpscan.com/vulnerability/ced134cf-82c5-401b-9476-b6456e1924e2/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/ced134cf-82c5-401b-9476-b6456e1924e2/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mediabetaprojects:enjoy_social_feed:*:*:*:*:*:wordpress:*:*

Версия до 6.2.2 (включая)

EPSS

Процентиль: 54%

0.00308

Низкий

8.8 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-qqm8-xpjj-m663

CVSS3: 8.8

github

почти 2 года назад

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example

EPSS

Процентиль: 54%

0.00308

Низкий

8.8 High

CVSS3

Дефекты

CWE-352