CVE-2024-1214

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Mar 21, 2024

Summary

CVE-2024-1214: A vulnerability affects the Easy Social Feed plugin for WordPress versions up to 6.5.4. The issue stems from insufficient nonce validation in the save_groups_list function, leading to a Cross-Site Request Forgery (CSRF) weakness. Unauthenticated attackers can exploit this flaw by tricking site administrators into executing a malicious request, enabling them to disconnect a site's Facebook or Instagram page/group connection.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uYQkbI
https://www.cve.org/CVERecord?id=CVE-2024-1214
https://nvd.nist.gov/vuln/detail/CVE-2024-1214

Back to Vulnerability Database

CVE-2024-1214

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations