8.8
CVE-2024-0780
- EPSS 0.45%
- Veröffentlicht 18.03.2024 19:15:06
- Zuletzt bearbeitet 14.03.2025 17:15:40
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginEnjoy Social Feed plugin for WordPress website <= 6.2.2 - Missing Authorization to Database Reset
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action
Mögliche Gegenmaßnahme
Enjoy Social Feed plugin for WordPress website: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Enjoy Social Feed plugin for WordPress website
Version
*-6.2.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mediabetaprojects ≫ Enjoy Social Feed SwPlatformwordpress Version <= 6.2.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.627 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.