CVE-2020-36838 – Facebook Chat Plugin <= 1.5 - Missing Capabilities Check
https://notcve.org/view.php?id=CVE-2020-36838
The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites. • https://www.wordfence.com/threat-intel/vulnerabilities/id/36ae4183-5fa7-484c-b858-5df10ae3d3f2?source=cve https://www.wordfence.com/blog/2020/08/the-official-facebook-chat-plugin-created-vector-for-social-engineering-attacks • CWE-284: Improper Access Control •
CVE-2013-4593
https://notcve.org/view.php?id=CVE-2013-4593
RubyGem omniauth-facebook has an access token security vulnerability. • http://www.openwall.com/lists/oss-security/2013/11/18/6 https://access.redhat.com/security/cve/cve-2013-4593 https://exchange.xforce.ibmcloud.com/vulnerabilities/89040 https://security-tracker.debian.org/tracker/CVE-2013-4593 • CWE-287: Improper Authentication •
CVE-2019-15841 – Facebook for WooCommerce <= 1.9.12 - Cross-Site Request Forgery allowing Option Update
https://notcve.org/view.php?id=CVE-2019-15841
The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. • https://wordpress.org/plugins/facebook-for-woocommerce/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-15840 – Facebook for WooCommerce <= 1.9.12 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2019-15840
The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. • https://wordpress.org/plugins/facebook-for-woocommerce/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2018-6858 – Facebook Clone Script 1.0.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-6858
Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script. Facebook Clone Script version 1.0.5 suffers from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/44010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •