CVE-2024-1213

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Mar 21, 2024

Summary

CVE-2024-1213 is a cross-site request forgery (CSRF) vulnerability in the Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress, affecting all versions up to and including 6.5.4. The cause is missing or incorrect nonce validation on two functions, esf_insta_save_access_token and efbl_save_facebook_access_token. An unauthenticated attacker can connect their own Facebook and Instagram pages to the site through a forged request, provided they can deceive a site administrator into taking an action, such as clicking on a link.

The risk score for this vulnerability is 25, with a base severity of MEDIUM. It requires user interaction and has low integrity and confidentiality impact, but can result in some availability impact.

Remediation involves updating the Easy Social Feed plugin to a version beyond 6.5.4 or applying any available patches or fixes provided by the plugin developer. Organizations using this plugin should keep their software up to date to mitigate the risk of exploitation. Failure to address this vulnerability could allow attackers unauthorized access to the site's social media accounts, potentially leading to unauthorized posts, data breaches, or other malicious activities that could harm the organization's reputation and compromise user trust.
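The class of fix described above, shown as an added example that is not the plugin's own code: a WordPress admin AJAX handler that stores an access token only after verifying a nonce and the caller's capability. The handler name, action name, nonce action, script handle and option name are all hypothetical.

```php
<?php
// Added illustration: a hypothetical token-saving handler, NOT the plugin's code.
// Assumed names: AJAX action 'example_save_access_token', nonce action
// 'example_save_token', option 'example_access_token', script 'example-admin'.

// Hooked on wp_ajax_ only (logged-in users); no wp_ajax_nopriv_ registration.
add_action( 'wp_ajax_example_save_access_token', 'example_save_access_token' );

function example_save_access_token() {
    // 1. CSRF check. A forged cross-site request carries the admin's cookies
    //    but cannot know the per-user, per-action nonce. With $stop = false
    //    the function returns false on failure instead of dying, so the
    //    handler can answer with an explicit 403.
    if ( ! check_ajax_referer( 'example_save_token', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }

    // 2. Authorization. A nonce proves intent, not privilege, so the
    //    capability is checked separately.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input handling: unslash, sanitize, and reject an empty token.
    $token = isset( $_POST['access_token'] )
        ? sanitize_text_field( wp_unslash( $_POST['access_token'] ) )
        : '';
    if ( '' === $token ) {
        wp_send_json_error( array( 'message' => 'Missing access token.' ), 400 );
    }

    // Store without autoloading so the token is not loaded on every request.
    update_option( 'example_access_token', $token, false );
    wp_send_json_success();
}

// Admin page side: issue the nonce to the script that sends the request.
add_action( 'admin_enqueue_scripts', function () {
    wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_save_token' ),
    ) );
} );
```

When reviewing other state-changing handlers in a plugin, look for the same pair: a nonce check (check_ajax_referer, check_admin_referer or wp_verify_nonce) and a current_user_can check before any write.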
