Description
WordPress Plugin Spotlight Social Feeds [Block, Shortcode, and Widget] is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently make unauthorized AJAX calls and access the debug logs. WordPress Plugin Spotlight Social Feeds [Block, Shortcode, and Widget] version 0.10.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 0.10.2 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:6DAE6DCA-7474-4008-9FE5-4C62B9F12D0A
https://plugins.svn.wordpress.org/spotlight-social-photo-feeds/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin WP Support Plus Responsive Ticket System PHP Object Injection (9.0.3)
Joomla! Core Cross-Site Scripting (1.5.0 - 3.7.3)
Oracle Database Server CVE-2014-6455 Vulnerability (CVE-2014-6455)
IBM Lotus Domino web server Cross-Site Scripting vulnerabilities
YOURLS Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-14537)