2 matches found
WordPress Smash Balloon Custom Facebook Feed plugin <= 4.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-color` Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via data-color Attribute vulnerability discovered by Asaf Mozes in WordPress Plugin Smash Balloon Social Post Feed versions = 4.3.1...
WordPress Popup Builder Plugin <= 4.3.1 is vulnerable to Broken Access Control
Software Popup Builder Type Plugin Vulnerable versions = 4.3.1 Fixed in 4.3.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6696 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 7eeb41bcfcb3 Credits Lucio Sá Required privilege...