{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-0780","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2024-01-22T10:32:40.148Z","datePublished":"2024-03-18T19:05:41.368Z","dateUpdated":"2025-03-14T16:20:28.257Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2024-03-18T19:05:41.368Z"},"title":"Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset","problemTypes":[{"descriptions":[{"description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Enjoy Social Feed plugin for WordPress website","versions":[{"status":"affected","versionType":"semver","version":"0","lessThanOrEqual":"6.2.2"}],"defaultStatus":"affected","collectionURL":"https://wordpress.org/plugins"}],"descriptions":[{"lang":"en","value":"The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action"}],"references":[{"url":"https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Erwan LR (WPScan)","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T18:18:18.158Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]},{"affected":[{"vendor":"mediabeta","product":"enjoy_social_feed","cpes":["cpe:2.3:a:mediabeta:enjoy_social_feed:*:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"0","status":"affected","lessThan":"6.2.2","versionType":"semver"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8.8,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-03-19T15:46:46.679516Z","id":"CVE-2024-0780","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-14T16:20:28.257Z"}}]}}