2 matches found
CVE-2021-24508
The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does not sanitise or escape the feedID POST parameter in its feedlocator AJAX action available to both authenticated and unauthenticated users before outputting a truncated version of it in the admin dashboard, leading to an...
CVE-2021-24508
The issue CVE-2021-24508 concerns the Smash Balloon Social Post Feed WordPress plugin prior to version 2.19.2. The vulnerability arises because the feed_locator AJAX action does not sanitize or escape the POST parameter feedID, and the truncated value is output in the admin dashboard. This leads ...