CVE-2024-0779

State: PUBLISHED · Published: 2024-03-18 · Updated: 2024-08-28 · Assigner: WPScan

Description

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example

CWE

(none)

Affected

Unknown / Enjoy Social Feed plugin for WordPress website — v=0 ≤6.2.2 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/ced134cf-82c5-401b-9476-b6456e1924e2/ exploit, vdb-entry, technical-description

Source

cvelistV5-main/cves/2024/0xxx/CVE-2024-0779.json