Smash Balloon Social Post Feed@* Security Vulnerabilities and Issues — Smash Balloon Social Post Feed@* CVE List

Lucene search

SmashballoonSmash Balloon Social Post Feed*

4 matches found

CVE•added 2022/01/17 1:15 p.m.•50 views

CVE-2021-25065

The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.

5.4CVSS5.2AI score0.02416EPSS

CVE•added 2021/09/13 6:15 p.m.•43 views

CVE-2021-24508

The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does not sanitise or escape the feedID POST parameter in its feed_locator AJAX action (available to both authenticated and unauthenticated users) before outputting a truncated version of it in the admin dashboard, leading to an unaut...

6.1CVSS6AI score0.14825EPSS

CVE•added 2023/01/16 4:15 p.m.•40 views

CVE-2022-4477

The Smash Balloon Social Post Feed WordPress plugin before 4.1.6 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admin...

5.4CVSS5.4AI score0.00113EPSS

CVE•added 2021/11/29 9:15 a.m.•31 views

CVE-2021-24918

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages.

5.4CVSS5.5AI score0.0018EPSS