7 matches found
EUVD-2022-51821
Malicious code in bioql PyPI...
CVE-2025-4577
The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-4583
CVE-2025-4583 affects the Smash Balloon Social Photo Feed – Easy Social Feeds Plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting flaw in the data-plugin attribute present in all versions up to 6.9.0, exploitable by authenticated attackers with Contributor-level access and ab...
PT-2025-23140 · WordPress · Smash Balloon Social Photo Feed – Easy Social Feeds Plugin
Name of the Vulnerable Software and Affected Versions: The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin for WordPress, versions up to, and including, 6.9.0
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...
CVE-2021-24918
The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...
PT-2021-16367
Name of the Vulnerable Software and Affected Versions: Smash Balloon Social Post Feed WordPress plugin versions prior to 4.0.1
Description: The issue allows any logged-in user on a vulnerable site to update the plugin's settings without proper privilege or nonce validation. This enables the stora...