WordPress Plugin Vulnerabilities

Feed Them Social < 2.8.7 - Cross-Site Request Forgery

Description

The plugin does not protect the my_fts_fb_load_more function against CSRF attacks, allowing an unauthenticated attacker to load feeds by tricking a logged in administrator to submit a crafted request.

Affects Plugins

Plugin icon
feed-them-social
Fixed in 2.8.7

References

CVE
CVE-2020-36739
URL
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Jerome Bruandet
Verified
No
WPVDB ID
b7b55d0f-7f54-4f19-ab99-102ed3c159df

Timeline

Publicly Published
2020-09-16 (about 5 years ago)
Added
2023-07-04 (about 2 years ago)
Last Updated
2023-07-04 (about 2 years ago)

Other

Published
Title
Published
2025-02-13
Title
Post Thumbs <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-04-17
Title
WP Twitter Button <= 1.4.1 - Cross-Site Request Forgery
Published
2023-07-04
Title
WP RSS Images <= 1.1 - Cross-Site Request Forgery
Published
2022-12-28
Title
BruteBank - WP Security & Firewall < 1.9 - Settings Update via CSRF
Published
2022-08-01
Title
Download Manager < 3.2.49 - Multiple CSRF