CVE-2024-3662
WPZOOM Social Feed Widget & Block <= 2.1.13 - Missing Authorization to Authenticated (Subscriber+) Instagram Image Deletion
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all Instagram images installed on the site.
El complemento WPZOOM Social Feed Widget & Block para WordPress es vulnerable al acceso no autorizado debido a una falta de verificación de capacidad en la función wpzoom_instagram_clear_data() en todas las versiones hasta la 2.1.13 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, eliminen todas las imágenes de Instagram instaladas en el sitio.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-04-11 CVE Reserved
- 2024-04-12 CVE Published
- 2024-04-14 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wpzoom Search vendor "Wpzoom" | WPZOOM Social Feed Widget & Block Search vendor "Wpzoom" for product "WPZOOM Social Feed Widget & Block" | <= 2.1.13 Search vendor "Wpzoom" for product "WPZOOM Social Feed Widget & Block" and version " <= 2.1.13" | en |
Affected
| ||||||