2 matches found
Smash Balloon Social Post Feed < 4.2.2 - Facebook Token Reset/Update via CSRF
Description: The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the maybesourceconnectiondata function, allowing an attacker to reset and set an arbitrary Facebook Token via a CSRF attack...
DigitalSellz: Public profile is vulnerable to stored XSS / Facebook Token can be stolen
@robinlinus bypassed our XSS protection system. This vulnerability has been fixed...