Lucene search
+L

170 matches found

Patchstack
Patchstack
added 2021/12/16 12:0 a.m.21 views

WordPress Smash Balloon Social Post Feed plugin <= 4.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Smash Balloon Social Post Feed plugin versions = 4.1. Solution Update the WordPress Smash Balloon Social Post Feed plugin to the latest available version at least 4.1.1...

5.4CVSS2.2AI score0.01217EPSS
Exploits2References3Affected Software1
OpenVAS
OpenVAS
added 2021/12/06 12:0 a.m.8 views

WordPress Smash Balloon Social Post Feed Plugin < 4.0.1 XSS Vulnerability

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

5.4CVSS7AI score0.00654EPSS
Exploits1References1
CNVD
CNVD
added 2021/12/01 12:0 a.m.33 views

WordPress Smash Balloon Social Post Feed Cross-Site Scripting Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. WordPress Smash Balloon Social Post Feed...

5.4CVSS1.7AI score0.00654EPSS
Exploits1References1
OSV
OSV
added 2021/11/29 9:15 a.m.2 views

CVE-2021-24918

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...

5.4CVSS6AI score0.00654EPSS
Exploits1References2
NVD
NVD
added 2021/11/29 9:15 a.m.22 views

CVE-2021-24918

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...

5.4CVSS0.00654EPSS
Exploits1References2
CVE
CVE
added 2021/11/29 8:25 a.m.44 views

CVE-2021-24918

CVE-2021-24918 affects the WordPress plugin Smash Balloon Social Post Feed (versions before 4.0.1). The root cause is missing privilege and nonce validation when saving plugin settings, allowing any logged-in user on a vulnerable site to update settings and store rogue JavaScript on posts and pag...

5.4CVSS5.5AI score0.00654EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/11/29 8:25 a.m.22 views

CVE-2021-24918 Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...

5.8AI score0.00654EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/11/29 12:0 a.m.4 views

WordPress 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. WordPress Smash Balloon Social Post Feed...

5.4CVSS5.3AI score0.00654EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/11/29 12:0 a.m.8 views

PT-2021-16367

Name of the Vulnerable Software and Affected Versions: Smash Balloon Social Post Feed WordPress plugin versions prior to 4.0.1 Description: The issue allows any logged-in user on a vulnerable site to update the plugin's settings without proper privilege or nonce validation. This enables the stora...

5.4CVSS6AI score0.00654EPSS
Exploits1References6
WPVulnDB
WPVulnDB
added 2021/10/29 12:0 a.m.22 views

Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS

The plugin did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...

5.4CVSS5.5AI score0.00654EPSS
Exploits1References1Affected Software1
OpenVAS
OpenVAS
added 2021/10/12 12:0 a.m.13 views

WordPress Smash Balloon Social Post Feed Plugin < 2.19.2 XSS Vulnerability

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

6.1CVSS7AI score0.01343EPSS
Exploits2References2
CVE
CVE
added 2021/09/13 5:56 p.m.58 views

CVE-2021-24508

The issue CVE-2021-24508 concerns the Smash Balloon Social Post Feed WordPress plugin prior to version 2.19.2. The vulnerability arises because the feed_locator AJAX action does not sanitize or escape the POST parameter feedID, and the truncated value is output in the admin dashboard. This leads ...

6.1CVSS6AI score0.01343EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/09/13 12:0 a.m.4 views

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Smash Balloon Social Post Feed, which...

6.1CVSS6.1AI score0.01343EPSS
Exploits2References1
Patchstack
Patchstack
added 2021/08/16 12:0 a.m.19 views

WordPress Smash Balloon Social Post Feed plugin <= 2.19.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by dc11 in WordPress Smash Balloon Social Post Feed plugin versions = 2.19.1. Solution Update the WordPress Smash Balloon Social Post Feed plugin to the latest available version at least 2.19.2...

6.1CVSS2.5AI score0.01343EPSS
Exploits2References3Affected Software1
The Hacker News
The Hacker News
added 2021/04/14 2:16 p.m.38 views

New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks

Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. Dubbed SMASH Synchronized MAny-Sided Hammering, the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM...

1.2AI score
Exploits0
Cvelist
Cvelist
added 2021/01/25 4:33 p.m.78 views

CVE-2021-3185

A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution...

9.8AI score0.02377EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2020/12/10 12:0 a.m.44 views

Security update for minidlna (moderate)

openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2226-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available...

9.8CVSS7.3AI score0.15193EPSS
Exploits4References1
OPENSUSE Linux
OPENSUSE Linux
added 2020/12/08 12:0 a.m.39 views

Security update for minidlna (moderate)

openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2204-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes two vulnerabilities is now available...

9.8CVSS7.3AI score0.15193EPSS
Exploits4References1
OSV
OSV
added 2020/12/07 11:23 a.m.7 views

OPENSUSE-SU-2020:2194-1 Security update for minidlna

This update for minidlna fixes the following issues: minidlna was updated to version 1.3.0 boo1179447 - Fixed some build warnings when building with musl. - Use $USER instead of $LOGNAME for the default friendly name. - Fixed build with GCC 10 - Fixed some warnings from newer compilers - Disallow...

9.8CVSS7.7AI score0.15193EPSS
Exploits4References4
OPENSUSE Linux
OPENSUSE Linux
added 2020/12/07 12:0 a.m.51 views

Security update for minidlna (moderate)

openSUSE Security Update: Security update for minidlna Announcement ID: openSUSE-SU-2020:2194-1 Rating: moderate References: 1179447 Cross-References: CVE-2020-12695 CVE-2020-28926 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description: This...

9.8CVSS7.3AI score0.15193EPSS
Exploits4References1
Rows per page
Query Builder