5 matches found
CVE-2025-4583
creationtimestamp| type| source ---|---|--- 2025-05-29 06:26:44+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqc3juctenz2 2025-05-29 09:41:44+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqcghjclxc2r...
CVE-2025-4583
The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-plugin attribute in all versions up to, and including, 6.9.0 Free and 6.8.0 Pro due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-4583 Smash Balloon Instagram Feed <= 6.9.0 (Free) & <= 6.8.0 (Pro) - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-plugin` Attribute
The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-plugin attribute in all versions up to, and including, 6.9.0 Free and 6.8.0 Pro due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-4583 Smash Balloon Instagram Feed <= 6.9.0 (Free) & <= 6.8.0 (Pro) - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-plugin` Attribute
The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-plugin attribute in all versions up to, and including, 6.9.0 Free and 6.8.0 Pro due to insufficient input sanitization and output escaping. This makes it...
CVE-2025-4583
CVE-2025-4583 affects the Smash Balloon Social Photo Feed – Easy Social Feeds Plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting flaw in the data-plugin attribute present in all versions up to 6.9.0, exploitable by authenticated attackers with Contributor-level access and ab...