CVE-2024-0780 - Vulnerability Details - OpenCVE

The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00447.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Mediabeta	Enjoy Social Feed
Mediabetaprojects	Enjoy Social Feed

Configuration 1 [-]

cpe:2.3:a:mediabetaprojects:enjoy_social_feed:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-16568	The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/

History

Fri, 14 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mediabeta Mediabeta enjoy Social Feed
CPEs		cpe:2.3:a:mediabeta:enjoy_social_feed::::::::
Vendors & Products		Mediabeta Mediabeta enjoy Social Feed
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 27 Feb 2025 04:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mediabetaprojects Mediabetaprojects enjoy Social Feed
Weaknesses		CWE-862
CPEs		cpe:2.3:a:mediabetaprojects:enjoy_social_feed::::::wordpress::*
Vendors & Products		Mediabetaprojects Mediabetaprojects enjoy Social Feed
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-03-18T19:05:41.368Z

Updated: 2025-03-14T16:20:28.257Z

Reserved: 2024-01-22T10:32:40.148Z

Link: CVE-2024-0780

Vulnrichment

Updated: 2024-08-01T18:18:18.158Z

NVD

Status : Modified

Published: 2024-03-18T19:15:06.437

Modified: 2025-03-14T17:15:40.607

Link: CVE-2024-0780

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0780", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2024-01-22T10:32:40.148Z", "datePublished": "2024-03-18T19:05:41.368Z", "dateUpdated": "2025-03-14T16:20:28.257Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-03-18T19:05:41.368Z"}, "title": "Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset", "problemTypes": [{"descriptions": [{"description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Enjoy Social Feed plugin for WordPress website", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "6.2.2"}], "defaultStatus": "affected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action"}], "references": [{"url": "https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Erwan LR (WPScan)", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.158Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}, {"affected": [{"vendor": "mediabeta", "product": "enjoy_social_feed", "cpes": ["cpe:2.3:a:mediabeta:enjoy_social_feed:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "6.2.2", "versionType": "semver"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-19T15:46:46.679516Z", "id": "CVE-2024-0780", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T16:20:28.257Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:18:18.158Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-0780", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-19T15:46:46.679516Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:mediabeta:enjoy_social_feed:*:*:*:*:*:*:*:*"], "vendor": "mediabeta", "product": "enjoy_social_feed", "versions": [{"status": "affected", "version": "0", "lessThan": "6.2.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T15:36:03.754Z"}}], "cna": {"title": "Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Erwan LR (WPScan)"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Enjoy Social Feed plugin for WordPress website", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "6.2.2"}], "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "affected"}], "references": [{"url": "https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-03-18T19:05:41.368Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0780", "state": "PUBLISHED", "dateUpdated": "2025-03-14T16:20:28.257Z", "dateReserved": "2024-01-22T10:32:40.148Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2024-03-18T19:05:41.368Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediabetaprojects:enjoy_social_feed:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4032E768-CD09-4AF3-B232-9F4B3095DBAD", "versionEndIncluding": "6.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action"}, {"lang": "es", "value": "El complemento Enjoy Social Feed plugin for WordPress website de WordPress hasta 6.2.2 no tiene autorizaci\u00f3n para restablecer su base de datos, lo que permite que cualquier usuario autenticado, como un suscriptor, realice dicha acci\u00f3n."}], "id": "CVE-2024-0780", "lastModified": "2025-03-14T17:15:40.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-03-18T19:15:06.437", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}