Unauthorized Access to Instagram Accounts via Enjoy Social Feed Plugin
CVE-2024-0779

Currently unrated

Key Information:

Vendor: Wordpress
Status: Enjoy Social Feed Plugin For WordPress Website
Vendor: CVE Published:; 18 March 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-0779?

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example

Affected Version(s)

Enjoy Social Feed plugin for WordPress website 0 <= 6.2.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-0779 - Proof of Concept

References

https://wpscan.com/vulnerability/ced134cf-82c5-401b-9476-...

exploitvdb-entrytechnical-description

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Mar 18, 2024
👾
Exploit known to exist
Mar 18, 2024
Vulnerability published
Mar 18, 2024
Vulnerability Reserved
Jan 22, 2024

Credit

Krzysztof Zając (CERT PL)

WPScan

Wordpress