CVE-2024-3662: CWE-862 Missing Authorization in wpzoom WPZOOM Social Feed Widget & Block
The WPZOOM Social Feed Widget & Block plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpzoom_instagram_clear_data() function in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete all Instagram images installed on the site.
AI Analysis
Technical Summary
The WPZOOM Social Feed Widget & Block plugin for WordPress suffers from a missing capability check in the wpzoom_instagram_clear_data() function in all versions up to 2.1.13. This authorization bypass vulnerability (CWE-862) enables any authenticated user with subscriber-level privileges or higher to invoke this function and delete all Instagram images integrated into the site. The CVSS 3.1 base score is 4.3 (medium), reflecting network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, and limited availability impact.
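The pattern behind a CWE-862 missing capability check in a WordPress AJAX handler, shown as an added illustration that is not the plugin's own code (the affected function body is not reproduced on this page). All function, action and option names below are hypothetical; the WordPress APIs used (check_ajax_referer, current_user_can, wp_send_json_error, wp_create_nonce, wp_localize_script) are real core functions.

```php
<?php
// Added illustration of CWE-862 in a WordPress AJAX handler and its fix.
// Not code from the WPZOOM plugin; every demo_* name is invented.

// BEFORE: wp_ajax_* hooks are reachable by any logged-in user, so without a
// capability check a subscriber-level account can trigger a destructive action.
function demo_clear_cached_images() {
    // Hypothetical option holding the plugin's cached image list.
    delete_option( 'demo_cached_instagram_images' );
    wp_send_json_success( 'cleared' );
}
add_action( 'wp_ajax_demo_clear_images', 'demo_clear_cached_images' );

// AFTER: bind the request to a nonce (blocks CSRF) and require a capability
// that matches the sensitivity of the action before touching any data.
function demo_clear_cached_images_secure() {
    // Dies with a 403 response when the nonce is missing or invalid.
    check_ajax_referer( 'demo_clear_images_nonce', 'nonce' );

    // Clearing plugin data is an administrative task: subscribers fail here.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    delete_option( 'demo_cached_instagram_images' );
    wp_send_json_success( 'cleared' );
}
add_action( 'wp_ajax_demo_clear_images_secure', 'demo_clear_cached_images_secure' );

// The admin page that offers the "clear" button passes a matching nonce to its
// script. Assumes a script with handle 'demo-admin' was registered earlier.
function demo_enqueue_admin_assets() {
    wp_localize_script( 'demo-admin', 'demoAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'demo_clear_images_nonce' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'demo_enqueue_admin_assets' );
```

The nonce alone is not an authorization control (any logged-in user who can load the page can obtain one), which is why the capability check is the part that addresses CWE-862; the nonce addresses the separate CSRF risk. Reviewing a plugin for this class of bug means checking every wp_ajax_, REST and admin-post handler for a current_user_can() call that matches the action's impact.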
Potential Impact
An attacker with subscriber-level or higher access can delete all Instagram images displayed by the plugin on the affected WordPress site, causing denial of availability of that content. There is no impact on confidentiality or integrity of data. The disruption is limited to the availability of Instagram images managed by the plugin.
Mitigation Recommendations
No official patch or remediation guidance is currently available from the vendor. Since this vulnerability requires authenticated access at subscriber level or above, site administrators should review user roles and restrict subscriber privileges if possible. Monitor vendor channels for updates or patches addressing this issue. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2024-04-11T17:48:58.850Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6c99b7ef31ef0b566a92
Added to database: 2/25/2026, 9:41:45 PM
Last enriched: 4/9/2026, 7:34:37 AM
Last updated: 4/12/2026, 3:57:50 PM