CVE-2024-3662

Name of the Vulnerable Software and Affected Versions WPZOOM Social Feed Widget & Block plugin for WordPress versions up to, and including, 2.1.13

Description The issue is related to unauthorized access due to a missing capability check on the wpzoom instagram clear data() function. This allows authenticated attackers with subscriber-level access and above to delete all Instagram images installed on the site.

Recommendations For versions up to, and including, 2.1.13, update to a version higher than 2.1.13 to resolve the issue. As a temporary workaround, consider disabling the wpzoom instagram clear data() function until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation.