CVE-2024-1213

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Mar 21, 2024

Summary

CVE-2024-1213 is a vulnerability in the Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress, affecting all versions up to and including 6.5.4. The vulnerability is due to missing or incorrect nonce validation on certain functions, specifically esf_insta_save_access_token and efbl_save_facebook_access_token. This allows unauthenticated attackers to connect their Facebook and Instagram pages to the site through a forged request, provided they can deceive a site administrator into taking an action, such as clicking on a link. The risk score for this vulnerability is 25, with a base severity of MEDIUM. It requires user interaction and has low integrity and confidentiality impact, but can result in some availability impact. The CVE ID is CVE-2024-1213.

Remediation for this vulnerability would involve updating the Easy Social Feed plugin to a version beyond 6.5.4 or applying any available patches or fixes provided by the plugin developer. Organizations using this plugin should be vigilant in keeping their software up-to-date to mitigate the risk of exploitation. Failure to address this vulnerability could allow attackers unauthorized access to the site's social media accounts, potentially leading to unauthorized posts, data breaches, or other malicious activities that could harm the organization's reputation and compromise user trust.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-1213 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options