cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-36838,https://securityvulnerability.io/vulnerability/CVE-2020-36838,Facebook Chat Plugin Vulnerability Allows Hackers to Access Sites,"The Facebook Chat Plugin for WordPress is susceptible to a significant security flaw that enables low-level authenticated attackers to bypass authorization mechanisms. This vulnerability arises from the absence of a requisite capability check within the wp_ajax_update_options function. As a result, attackers can connect their own Facebook Messenger accounts to any website utilizing the affected plugin, thereby facilitating unauthorized communications with site visitors. This poses a considerable risk to the integrity and trustworthiness of interactions on sites employing this plugin, creating opportunities for social engineering attacks and unauthorized messaging.",Wordpress,Facebook Chat Plugin – Live Chat Plugin For WordPress,7.4,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2024-10-16T06:43:27.628Z,0
CVE-2021-24218,https://securityvulnerability.io/vulnerability/CVE-2021-24218,Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion,The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved.,Wordpress,Facebook For WordPress,8.8,HIGH,0.004230000078678131,false,,false,false,false,,false,false,2021-04-12T14:01:34.000Z,0
CVE-2021-24217,https://securityvulnerability.io/vulnerability/CVE-2021-24217,Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain,The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution.,Wordpress,Facebook For WordPress,8.1,HIGH,0.007060000207275152,false,,false,false,false,,false,false,2021-04-12T14:01:19.000Z,0