Lucene search

7 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-51821

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.8 · EPSS 0.00507
Exploits 1 · References 1
OSV
added 2025/06/10 12:15 p.m. · 4 views

CVE-2025-4577

The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 5.4 · AI score 5.9 · EPSS 0.0027
Exploits 0 · References 3
NVD
added 2025/06/10 12:15 p.m. · 7 views

CVE-2025-4577

The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.4 · EPSS 0.0027
Exploits 0 · References 3
CVE
added 2025/05/29 4:23 a.m. · 96 views

CVE-2025-4583

CVE-2025-4583 affects the Smash Balloon Social Photo Feed – Easy Social Feeds Plugin for WordPress. The vulnerability is a Stored Cross-Site Scripting flaw in the data-plugin attribute present in all versions up to 6.9.0, exploitable by authenticated attackers with Contributor-level access and ab...

CVSS 5.4 · AI score 5.9 · EPSS 0.00188
Exploits 0 · References 2
Positive Technologies
added 2025/05/29 12:0 a.m. · 8 views

PT-2025-23140 · WordPress · Smash Balloon Social Photo Feed – Easy Social Feeds Plugin

Name of the Vulnerable Software and Affected Versions: The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress versions up to, and including, 6.9.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...

CVSS 5.4 · AI score 5.1 · EPSS 0.00188
Exploits 0 · References 6
RedhatCVE
added 2025/05/22 9:4 p.m. · 4 views

CVE-2021-24918

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...

CVSS 5.4 · AI score 6.7 · EPSS 0.00654
Exploits 1 · References 1
Positive Technologies
added 2021/11/29 12:0 a.m. · 5 views

PT-2021-16367

Name of the Vulnerable Software and Affected Versions: Smash Balloon Social Post Feed WordPress plugin versions prior to 4.0.1 Description: The issue allows any logged-in user on a vulnerable site to update the plugin's settings without proper privilege or nonce validation. This enables the stora...

CVSS 5.4 · AI score 6 · EPSS 0.00654
Exploits 1 · References 6