CVE-2024-1213 in Easy Social Feed Plugin
Summary
by MITRE • 03/21/2024
The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esf_insta_save_access_token and efbl_save_facebook_access_token functions. This makes it possible for unauthenticated attackers to connect their facebook and instagram pages to the site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 04/13/2026
The vulnerability identified as CVE-2024-1213 affects the Easy Social Feed plugin for WordPress, a popular social media integration tool that allows website administrators to display social media content including Instagram and Facebook posts. This plugin enables users to create social photo galleries, post feeds, and like boxes directly on their WordPress sites. The vulnerability exists in all versions up to and including 6.5.4, representing a significant security risk for WordPress installations that rely on this plugin for social media integration. The issue stems from inadequate security controls within the plugin's backend functionality, specifically in how it handles authentication tokens for social media connections.
The technical flaw manifests in the esf_insta_save_access_token and efbl_save_facebook_access_token functions which are responsible for saving access tokens used to connect Instagram and Facebook accounts to the WordPress site. These functions lack proper nonce validation, which is a critical security mechanism designed to prevent unauthorized requests from being processed. Nonces are unique numbers generated for each user session that verify the legitimacy of form submissions and API calls. Without proper nonce validation, attackers can forge requests that appear to originate from legitimate administrative actions, bypassing the normal authentication and authorization checks that should prevent unauthorized modifications to the site's social media connections.
The operational impact of this Cross-Site Request Forgery vulnerability is severe and potentially devastating for affected WordPress sites. An unauthenticated attacker who can trick a site administrator into clicking on a malicious link or visiting a compromised website can gain unauthorized access to the site's social media integration capabilities. This allows the attacker to connect their own Facebook and Instagram accounts to the vulnerable site, potentially leading to unauthorized content publication, data exfiltration, or the use of the compromised site for malicious activities. The vulnerability essentially provides attackers with a backdoor to manipulate social media connections without requiring valid credentials, making it particularly dangerous in environments where administrators frequently click on links from untrusted sources.
This vulnerability aligns with CWE-352, which specifically addresses Cross-Site Request Forgery issues in software applications. The flaw demonstrates a failure to implement proper input validation and authentication checks in web applications, making it a classic example of how insufficient security controls can compromise system integrity. From an ATT&CK framework perspective, this vulnerability maps to T1566, which covers Phishing techniques, as the attack requires social engineering to trick administrators into performing malicious actions. Additionally, it relates to T1078, which deals with Valid Accounts, since successful exploitation could lead to unauthorized access to social media accounts and potentially escalate to broader system compromise. Organizations should immediately update to the latest version of the plugin where this vulnerability has been patched, implement additional security measures such as two-factor authentication for administrative accounts, and educate administrators about the risks of clicking on untrusted links to prevent successful exploitation attempts.