4 matches found
CVE-2021-24217
The CVE-2021-24217 entry concerns the WordPress Facebook for WordPress plugin prior to version 3.0.0. The vulnerability arises because run_action deserializes user-supplied data, enabling PHP object injection, and an available magic method could be exploited to achieve remote code execution. Affe...
CVE-2014-6392
The CVE-2014-6392 entry concerns an XSS vulnerability in the Facebook iOS apps: Facebook 14.0 and Messenger 10.0, exploitable via a crafted filename extension that is mishandled during MIME sniffing of chat traffic. The vendor disputes the impact, noting an interstitial warning is shown and the H...
CVE-2008-0660
The CVE-2008-0660 vulnerability affects the Aurigma Image Uploader ActiveX control (ImageUploader4.ocx: 4.6.17.0, 4.5.70.0, 4.5.126.0 and ImageUploader5: 5.0.10.0) as used by Facebook PhotoUploader 4.5.57.0. It is caused by stack-based buffer overflows in the ExtractExif and ExtractIptc propertie...
CVE-2021-24218
The CVE-2021-24218 entry concerns the Facebook for WordPress plugin (WordPress Facebook Pixel) versions before 3.0.4. Root cause: CSRF due to lack of nonce protection in the AJAX handlers wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings, with additional input sanitization gaps in saveFbe...