4 matches found
CVE-2025-4577
The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Smash Balloon Custom Facebook Feed plugin <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-color` Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via data-color Attribute vulnerability discovered by Asaf Mozes in WordPress Plugin Smash Balloon Social Post Feed versions = 4.3.1...
CVE-2025-4577 Smash Balloon Custom Facebook Feed <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-color` Attribute
The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-4577
The CVE entry CVE-2025-4577 concerns the Smash Balloon Social Post Feed (Custom Facebook Feed) WordPress plugin. Connected sources confirm a Stored Cross-Site Scripting (XSS) vulnerability via the data-color attribute in all versions up to and including 4.3.1, caused by insufficient input sanitiz...