Description
WordPress Plugin Easy Social Feed-Social Photos Gallery-Post Feed-Like Box is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently make unauthorized AJAX calls and access the debug logs. WordPress Plugin Easy Social Feed-Social Photos Gallery-Post Feed-Like Box version 6.3.3 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 6.3.4 or the latest version.