CVE-2024-0780

2024-03-1819:15:06

[email protected]

web.nvd.nist.gov

cve-2024-0780

enjoy social feed

wordpress plugin

database reset

authorisation issue

nvd

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action

Affected configurations

Vulners

Node

wordpresslanoba_social_pluginRange≤6.2.2

VendorProductVersionCPE
wordpresslanoba_social_plugin*cpe:2.3:a:wordpress:lanoba_social_plugin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wordpress	lanoba_social_plugin	*	cpe:2.3:a:wordpress:lanoba_social_plugin::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Enjoy Social Feed plugin for WordPress website",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "6.2.2"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/