wpvulndb
Erwan LR (WPScan)
WPVDB-ID: BE3045B1-72E6-450A-8DD2-4702A9328447
History: Feb 20, 2024 - 12:00 a.m.

Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset

wpscan.com
Tags: enjoy social feed, vulnerability, database reset, authorization, subscribers

AI Score: 6.3 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 9.1%)

Description

The plugin does not perform an authorisation check when resetting its database, allowing any authenticated user, such as a subscriber, to perform this action.

PoC

Log in as a subscriber, access the Diagnostic tab of the plugin (/wp-admin/admin.php?page=enjoyinstagram_plugin_options&tab=diagnostic) and click on the re-install database button at the bottom.
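The class of fix the description calls for, as an added example that is not the plugin's own code or its actual patch: a destructive admin action guarded by a capability check and a nonce. The action name, function names and table name are hypothetical; only the WordPress core calls are real.

```php
<?php
/**
 * Plugin Name: Example guarded reset (illustrative, not Enjoy Social Feed code)
 */

// Hypothetical action name, used for both the admin-post hook and the nonce.
const EXAMPLE_RESET_ACTION = 'example_reset_tables';

// Renders the reset button. Hiding it from low-privileged users is cosmetic;
// the enforcing check lives in the handler below.
function example_render_reset_button() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="' . esc_attr( EXAMPLE_RESET_ACTION ) . '">';
    wp_nonce_field( EXAMPLE_RESET_ACTION ); // binds the request to this user and action
    submit_button( 'Re-install database', 'delete' );
    echo '</form>';
}

// admin_post_{action} fires for every logged-in user, subscribers included,
// so the handler has to authorise the caller itself.
add_action( 'admin_post_' . EXAMPLE_RESET_ACTION, 'example_handle_reset' );

function example_handle_reset() {
    // 1. Authorisation: the kind of check the advisory reports as missing.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html( 'You are not allowed to reset this plugin.' ), '', array( 'response' => 403 ) );
    }
    // 2. Request integrity: dies if the nonce is absent, forged or expired.
    check_admin_referer( EXAMPLE_RESET_ACTION );

    example_reinstall_tables();

    wp_safe_redirect( add_query_arg( 'example_reset', 'done', admin_url() ) );
    exit;
}

// Constructed stand-in for the destructive work: drop and recreate one table.
function example_reinstall_tables() {
    global $wpdb;
    $table = $wpdb->prefix . 'example_feed_cache'; // hypothetical table name
    $wpdb->query( "DROP TABLE IF EXISTS `{$table}`" );
    $wpdb->query( "CREATE TABLE `{$table}` (id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, payload LONGTEXT)" );
}
```

The capability check stops the subscriber case described here; the nonce additionally stops an administrator's browser from being tricked into sending the same request.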
