Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical0

High2

Medium0

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2024-11-21

CVE-2021-24218 - Facebook Plugin

The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved.

PLUGIN Facebook

CVE-2021-24218

HIGH CVSS 8.8 2021-04-12

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24217 - Facebook Plugin

The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution.

PLUGIN Facebook

CVE-2021-24217

HIGH CVSS 8.1 2021-04-12

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2021-24218 - Facebook Plugin

CVE-2021-24217 - Facebook Plugin

Company Links

Contact Us