CVE-2024-0780 Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset

2024-03-1819:05:41

WPScan

www.cve.org

enjoy social feed

unauthorized database reset

authenticated users

security vulnerability

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Enjoy Social Feed plugin for WordPress website",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "6.2.2"
      }
    ],
    "defaultStatus": "affected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/