Lucene search
WpvulndbWPVDB-ID:A1D55D98-637E-4A6C-80DC-B0D9442CD5E7HistoryFeb 02, 2024 - 12:00 a.m.
Feed Them Social < 4.2.1 - Cross-Site Request Forgery via review_nag_check
2024-02-0200:00:00
wpscan.com
4
wordpress
cross-site request forgery
vulnerability
nonce validation
admin notifications
Description The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.0. This is due to missing or incorrect nonce validation on the ‘review_nag_check’ function. This makes it possible for unauthenticated attackers to dismiss admin notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 4.2.1 |
Related
cve
cve
CVE-2024-24710
2024-05-03 08:15:07
cvelist
cvelist
nvd
nvd
CVE-2024-24710
2024-05-03 08:15:07
vulnrichment
vulnrichment
wordfence
wordfence
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.0%
Related for WPVDB-ID:A1D55D98-637E-4A6C-80DC-B0D9442CD5E7