Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/06/12 12:21 p.m.4 views

CVE-2025-4577

The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.8AI score0.0027EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/06/11 1:9 a.m.11 views

WordPress Smash Balloon Custom Facebook Feed plugin <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-color` Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via data-color Attribute vulnerability discovered by Asaf Mozes in WordPress Plugin Smash Balloon Social Post Feed versions = 4.3.1...

6.4CVSS5.5AI score0.0027EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/10 11:22 a.m.4 views

CVE-2025-4577 Smash Balloon Custom Facebook Feed <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-color` Attribute

The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.8AI score0.0027EPSS
Exploits0References3
CVE
CVE
added 2025/06/10 11:22 a.m.75 views

CVE-2025-4577

The CVE entry CVE-2025-4577 concerns the Smash Balloon Social Post Feed (Custom Facebook Feed) WordPress plugin. Connected sources confirm a Stored Cross-Site Scripting (XSS) vulnerability via the data-color attribute in all versions up to and including 4.3.1, caused by insufficient input sanitiz...

6.4CVSS5.8AI score0.0027EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder