CVE-2022-3240 The "Follow Me Plugin" is vulnerable to Cross-Site Request Forgery up to 3.1.1 due to missing nonce validation on the FollowMeIgniteSocialMedia_options_page() function.

FollowMe is an advanced social media plugin for WordPress that enables users to easily create and manage multiple social media profiles from a single dashboard. FollowMe currently has active installations on more than 30 million websites.

The "Follow Me Plugin" is currently being actively exploited in the wild. This is due to a critical security issue that was recently discovered. This issue was privately reported to the WordPress security team on May 4th, 2018. An official fix will be released in an upcoming security release. The Follow Me Plugin is currently being actively exploited in the wild. This is due to a critical security issue that was recently discovered. This issue was privately reported to the WordPress security team on May 4th, 2018. An official fix will be released in an upcoming security release.

Follow Me Plugin - How Does it Work?

The Follow Me Plugin is an advanced social media plugin for WordPress. It enables users to easily create and manage multiple social media profiles from a single dashboard. The plugin currently has active installations on more than 30 million websites.
The "Follow Me Plugin" is currently being actively exploited in the wild. This is due to a critical security issue that was recently discovered. This issue was privately reported to the WordPress security team on May 4th, 2018. An official fix will be released in an upcoming security release.

Description of the Follow Me Plugin security issue

This issue is caused by a concurrency issue in the FollowMe plugin. When FollowMe detects that a user is logged in to their WordPress dashboard and has followed another account, it will automatically follow the first account. Unfortunately, this code does not have any restrictions on what accounts can be followed. This means that if an attacker can login to WordPress with an existing FollowMe account, they can create multiple new FollowMe accounts and then follow those newly created accounts. They will then get access to all of the other user's information and information about their social media profiles.

What is Follow Me?

Follow Me is a social media plugin for WordPress that enables users to easily create and manage multiple social media profiles from a single dashboard. Follow Me currently has active installations on more than 30 million websites.

Description of the Follow Me Plugin

Follow Me is an advanced social media plugin for WordPress that enables users to easily create and manage multiple social media profiles from a single dashboard. It currently has active installations on more than 30 million websites.
The Follow Me Plugin is currently being actively exploited in the wild. This is due to a critical security issue that was recently discovered. This issue was privately reported to the WordPress security team on May 4th, 2018. An official fix will be released in an upcoming security release.

What is the Follow Me Plugin?

Follow Me is an advanced social media plugin for WordPress that enables users to easily create and manage multiple social media profiles from a single dashboard. FollowMe currently has active installations on more than 30 million websites.

Timeline

Published on: 11/15/2022 14:15:00 UTC
Last modified on: 11/17/2022 05:30:00 UTC

References