CVE-2024-0780 – Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset
https://notcve.org/view.php?id=CVE-2024-0780
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated user, such as a subscriber, to perform such an action.
The Enjoy Social Feed plugin for WordPress website plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check when accessing the enjoyinstagram_plugin_options page in all versions up to, and including, 6.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the plugin's database.
• https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447
• CWE-862: Missing Authorization
CVE-2024-0779 – Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking
https://notcve.org/view.php?id=CVE-2024-0779
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF checks in various functions hooked to admin_init, allowing unauthenticated users to call them and, for example, unlink arbitrary users' Instagram accounts.
The Enjoy Social Feed plugin for WordPress website plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions hooked via admin_init in all versions up to, and including, 6.2.2. This makes it possible for unauthenticated attackers to perform actions like unlinking a user's Instagram account.
• https://wpscan.com/vulnerability/ced134cf-82c5-401b-9476-b6456e1924e2
• CWE-862: Missing Authorization