PT-2024-15813 · WordPress · Enjoy Social Feed
Erwan Lr · Published 2024-03-14 · Updated 2024-03-18 · CVE-2024-0780
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Enjoy Social Feed plugin for WordPress versions through 6.2.2
Description
The issue concerns a lack of authorization in the database reset functionality of the plugin, allowing any authenticated user to reset the database. This means that even users with limited privileges, such as subscribers, can perform this action.
Recommendations
For versions through 6.2.2, consider disabling the database reset functionality until a patch is available to prevent unauthorized access. Restrict access to the plugin's settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authorization
Affected Products
Enjoy Social Feed