CVE-2024-1214
Published: 2024-03-21

Priority: P4 · 16 · medium · CVSS 3.1 base score 4.3
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.24% (15.1th percentile)
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the save_groups_list function. This makes it possible for unauthenticated attackers to disconnect a site's facebook or instagram page/group connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| easysocialfeed | easy_social_feed | < 6.5.5 | 6.5.5 |
| sjaved | easy_social_feed_social_photos_gallery_and_post_feed_for_wordpress | <= 6.5.4 | — |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| vendor_redhat | — | 7.8 | HIGH | — |
GHSA

GHSA-g4p6-wj2c-46f6 · ghsa_unreviewed · 2024-03-21 · CVE-2024-1214 [MEDIUM] · CWE-352

The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the save_groups_list function. This makes it possible for unauthenticated attackers to disconnect a site's facebook or instagram page/group connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Red Hat

CVE-2024-27075 [HIGH] kernel: media: dvb-frontends: avoid stack overflow warnings with clang
vendor_redhat · 2024-05-01 · CVSS 7.8

In the Linux kernel, the following vulnerability has been resolved:

media: dvb-frontends: avoid stack overflow warnings with clang

A previous patch worked around a KASAN issue in stv0367, now a similar problem showed up with clang:

```
drivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame size (3624) exceeds limit (2048) in 'stv0367ter_set_frontend' [-Werror,-Wframe-larger-than]
1214 | static int stv0367ter_set_frontend(struct dvb_frontend *fe)
```

Rework the stv0367_writereg() function to be simpler and mark both register access functions as noinline_for_stack so the temporary i2c_msg structures do not get duplicated on the stack when KASAN_STACK is enabled.
Package: kernel (Red Hat Enterprise Linux 6) - Not affe
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References

- https://plugins.trac.wordpress.org/browser/easy-facebook-likebox/trunk/facebook/admin/class-easy-facebook-likebox-admin.php?rev=3047064
- https://www.wordfence.com/threat-intel/vulnerabilities/id/aaf62045-b9ce-40d7-92b3-7ab683e5a08c?source=cve
Published: 2024-03-21