CVE-2025-49937

Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through = 4.3.2...

CVE-2025-49937

Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through = 4.3.2...

WordPress plugin custom-facebook-feed 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2021-25065

The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page...

CVE-2021-25065

CVE-2021-25065 affects the Smash Balloon Social Post Feed WordPress plugin prior to version 4.1.1. The vulnerability is an authenticated reflected XSS in the custom-facebook-feed feature on the cff-top admin page. Connected sources specify the issue as a reflected XSS with impact potentially enab...

Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page. PoC http://127.0.0.1:8001/wp-admin/admin.php?page=cff-topaccesstoken=xox%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%281%29%3Efinalresponse=true...