History: Mar 18, 2024 - 7:05 p.m.

CVE-2024-0779 Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking

2024-03-18 19:05:42
WPScan
github.com
cve-2024-0779; enjoy social feed; unauthenticated; instagram account unlinking; csrf; wordpress plugin

AI Score: 7.1
Confidence: High

SSVC
Exploitation: poc
Automatable: no
Technical Impact: total

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF checks in various functions hooked to admin_init, allowing unauthenticated users to call them and, for example, unlink arbitrary users' Instagram accounts.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:enjoy_social_feed_plugin_for_wordpress_website:enjoy_social_feed_plugin_for_wordpress_website:*:*:*:*:*:*:*:*"
    ],
    "vendor": "enjoy_social_feed_plugin_for_wordpress_website",
    "product": "enjoy_social_feed_plugin_for_wordpress_website",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "6.2.2"
      }
    ],
    "defaultStatus": "unknown"
  }
]
