84 matches found
CVE-2025-49937
Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through = 4.3.2...
CVE-2025-49937 WordPress Smash Balloon Social Post Feed plugin <= 4.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through = 4.3.2...
CVE-2025-49937 WordPress Smash Balloon Social Post Feed plugin <= 4.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through = 4.3.2...
PT-2025-43201
Name of the Vulnerable Software and Affected Versions Smash Balloon Social Post Feed versions through 4.3.2 Description An authorization issue exists in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed. This allows exploitation of incorrectly configured access control security...
WordPress Smash Balloon Social Post Feed plugin <= 4.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Smash Balloon Social Post Feed versions = 4.3.2...
EUVD-2022-37010
Malicious code in bioql PyPI...
EUVD-2022-51821
Malicious code in bioql PyPI...
EUVD-2024-29275
Malicious code in bioql PyPI...
EUVD-2023-56810
Malicious code in bioql PyPI...
CVE-2025-4577
The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-4577
The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-4577
The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-4577 Smash Balloon Custom Facebook Feed <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-color` Attribute
The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-4577
The CVE entry CVE-2025-4577 concerns the Smash Balloon Social Post Feed (Custom Facebook Feed) WordPress plugin. Connected sources confirm a Stored Cross-Site Scripting (XSS) vulnerability via the data-color attribute in all versions up to and including 4.3.1, caused by insufficient input sanitiz...
CVE-2025-4577 Smash Balloon Custom Facebook Feed <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-color` Attribute
The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin Smash Balloon Social Post Feed 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2025-24651 · WordPress · Smash Balloon Social Post Feed
Name of the Vulnerable Software and Affected Versions: The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin versions up to, and including, 4.3.1 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping,...
CVE-2025-4583
CVE-2025-4583 affects the Smash Balloon Social Photo Feed – Easy Social Feeds Plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting flaw in the data-plugin attribute present in all versions up to 6.9.0, exploitable by authenticated attackers with Contributor-level access and ab...
CVE-2025-4583 Smash Balloon Instagram Feed <= 6.9.0 (Free) & <= 6.8.0 (Pro) - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-plugin` Attribute
The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-plugin attribute in all versions up to, and including, 6.9.0 Free and 6.8.0 Pro due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-4583 Smash Balloon Instagram Feed <= 6.9.0 (Free) & <= 6.8.0 (Pro) - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-plugin` Attribute
The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-plugin attribute in all versions up to, and including, 6.9.0 Free and 6.8.0 Pro due to insufficient input sanitization and output escaping. This makes it...