Skip to main content

Facebook

3 CVEs product

Monthly

CVE-2021-24218 HIGH POC This Week

The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Facebook
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-24217 HIGH POC This Week

The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization WordPress RCE PHP Facebook
NVD WPScan
CVSS 3.1
8.1
EPSS
3.5%
CVE-2014-6392 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apple Facebook Facebook Messenger
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 1% CVSS 8.8
HIGH POC This Week

The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Facebook
NVD WPScan
EPSS 4% CVSS 8.1
HIGH POC This Week

The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization WordPress RCE +2
NVD WPScan
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Apple Facebook +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy