CVE-2024-0780

HIGH

WordPress plugin <6.2.2 - Privilege Escalation

Title source: llm
STIX 2.1

Description

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/

Scores

CVSS v3 8.8
EPSS 0.0077
EPSS Percentile 51.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
mediabetaprojects/enjoy_social_feed < 6.2.2
Published Mar 18, 2024
Tracked Since Feb 18, 2026