VYPR

Friends

by WordPress

Source repositories

CVEs (2)

  • CVE-2024-12028MedDec 6, 2024
    risk 0.34cvss 5.3epss 0.00

    The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of…

  • CVE-2024-1978MedFeb 29, 2024
    risk 0.29cvss 5.5epss 0.00

    The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discover_available_feeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web…