36 matches found
EUVD-2017-8306
Malware in sbrugna...
CVE-2024-0779
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admininit, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example...
CVE-2024-0780
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action...
org.noear:folkmq-broker-embedded (>=1.7.8 <=1.7.11), org.noear:grit-server-solon-plugin (>=2.0.0 <=2.0.1) +21 more potentially affected by CVE-2025-2961 via org.noear:solon-view (>=2.9.2-M1 <=3.1.0)
org.noear:solon-view MAVEN version =2.9.2-M1, =1.7.8, =2.0.0, =2.0.0, =1.9.2, =1.8.0, =1.8.0, =3.10.0, =3.10.0, =3.10.0, =2.9.2, =2.9.2, =2.9.2, =2.9.2, =2.9.2, =2.9.2, =3.10.7 and more Source cves: CVE-2025-2961 Source advisory: OSV:GHSA-2M4Q-2C6R-HMC3...
WordPress Enjoy Social Feed plugin for WordPress website Plugin <= 6.2.2 is vulnerable to Broken Access Control
Software Enjoy Social Feed plugin for WordPress website Type Plugin Vulnerable versions = 6.2.2 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-0780 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0adff21e032c...
CVE-2024-0780
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action...
CVE-2024-0779
The CVE-2024-0779 entry concerns the WordPress plugin Enjoy Social Feed (
CVE-2024-0779 Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admininit, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example...
CVE-2024-0779 Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admininit, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example...
CVE-2024-0780 Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action...
CVE-2024-0780
The CVE-2024-0780 affects the WordPress plugin Enjoy Social Feed (versions up to 6.2.2). The underlying issue is Broken Access Control: the database reset function lacks authorization, allowing any authenticated user (e.g., Subscribers) to reset the plugin’s database. Reported CVSS v3.1 base metr...
WordPress Plugin Enjoy Social Feed Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-15812 · WordPress · Enjoy Social Feed
Name of the Vulnerable Software and Affected Versions: Enjoy Social Feed plugin for WordPress website versions through 6.2.2 Description: The issue concerns a lack of authorization and CSRF protection in various functions hooked to admin init, allowing unauthenticated users to call them and unlin...
WordPress Plugin Enjoy Social Feed Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset
Description The plugin does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action Log in as a subscriber, access the Diagnostic tab of the plugin /wp-admin/admin.php?page=enjoyinstagrampluginoptions&tab=diagnostic and click...
Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset
Description The plugin does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action PoC Log in as a subscriber, access the Diagnostic tab of the plugin /wp-admin/admin.php?page=enjoyinstagrampluginoptions=diagnostic and click...
enjoy-crete.com Cross Site Scripting vulnerability OBB-3855010
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Enjoy Social Feed plugin for WordPress website Plugin <= 6.2.0 is vulnerable to Cross Site Scripting (XSS)
Software Enjoy Social Feed plugin for WordPress website Type Plugin Vulnerable versions = 6.2.0 Fixed in 6.2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 1013d383aace Credits Rafie...
enjoy-finance.de Cross Site Scripting vulnerability OBB-1420131
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
enjoy-israel.ru Cross Site Scripting vulnerability OBB-1277810
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...