CVE-2022-0209

The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2025-49937

Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through = 4.3.2...

EUVD-2025-35521

Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through = 4.3.2...

CVE-2025-49937

Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through = 4.3.2...

CVE-2025-49937 WordPress Smash Balloon Social Post Feed plugin <= 4.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through = 4.3.2...

CVE-2025-49937 WordPress Smash Balloon Social Post Feed plugin <= 4.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through = 4.3.2...

CVE-2025-49937

CVE-2025-49937 concerns a Missing Authorization issue (Broken Access Control) in the WordPress plugin Smash Balloon Social Post Feed (custom-facebook-feed). Affected versions are up to and including 4.3.2. The vulnerability arises from incorrectly configured access control security levels, enabli...

PT-2025-43201

Name of the Vulnerable Software and Affected Versions Smash Balloon Social Post Feed versions through 4.3.2 Description An authorization issue exists in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed. This allows exploitation of incorrectly configured access control security...

WordPress Smash Balloon Social Post Feed plugin <= 4.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Smash Balloon Social Post Feed versions = 4.3.2...

EUVD-2024-29275

Malicious code in bioql PyPI...

EUVD-2024-50051

Malicious code in bioql PyPI...

EUVD-2022-15411

Malicious code in bioql PyPI...

CVE-2025-4577

The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-4577

The CVE entry CVE-2025-4577 concerns the Smash Balloon Social Post Feed (Custom Facebook Feed) WordPress plugin. Connected sources confirm a Stored Cross-Site Scripting (XSS) vulnerability via the data-color attribute in all versions up to and including 4.3.1, caused by insufficient input sanitiz...

PT-2025-24651 · WordPress · Smash Balloon Social Post Feed

Name of the Vulnerable Software and Affected Versions: The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin versions up to, and including, 4.3.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping,...

CVE-2024-31379

Cross-Site Request Forgery CSRF vulnerability in Smash Balloon Smash Balloon Social Post Feed.This issue affects Smash Balloon Social Post Feed: from n/a through 4.2.1...

CVE-2023-2503

The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress plugin WP Custom Post RSS Feed 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2024-9607

The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

CVE-2024-9607 10Web Social Post Feed <= 1.2.9 - Reflected Cross-Site Scripting

The 10Web Social Post Feed plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...