CVE-2024-0780

HIGH

WordPress plugin <6.2.2 - Privilege Escalation

Title source: llm

Description

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/

Scores

CVSS v3 8.8

EPSS 0.0045

EPSS Percentile 63.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-862

Status published

Affected Products (1)

mediabetaprojects/enjoy_social_feed < 6.2.2

Timeline

Published Mar 18, 2024

Tracked Since Feb 18, 2026