Unauthorized Access to Database Reset Function in Enjoy Social Feed Plugin for WordPress
CVE-2024-0780

Currently unrated

Key Information:

Vendor: Wordpress
Status: Enjoy Social Feed Plugin For WordPress Website
Vendor: CVE Published:; 18 March 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action

Affected Version(s)

Enjoy Social Feed plugin for WordPress website 0 <= 6.2.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-0780 - Proof of Concept

References

https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-...

exploitvdb-entrytechnical-description

Timeline

🟡
Public PoC available
Mar 18, 2024
👾
Exploit known to exist
Mar 18, 2024
Vulnerability published
Mar 18, 2024
Vulnerability Reserved
Jan 22, 2024

Credit

Erwan LR (WPScan)

WPScan