Smash Balloon Social Post Feed Security Vulnerabilities and Issues — Smash Balloon Social Post Feed CVE List

Lucene search

SmashballoonSmash Balloon Social Post Feed

3 matches found

CVE•added 2022/01/17 1:15 p.m.•50 views

CVE-2021-25065

The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.

5.4CVSS5.2AI score0.02416EPSS

CVE•added 2023/01/16 4:15 p.m.•40 views

CVE-2022-4477

The Smash Balloon Social Post Feed WordPress plugin before 4.1.6 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admin...

5.4CVSS5.4AI score0.00113EPSS

CVE•added 2021/11/29 9:15 a.m.•31 views

CVE-2021-24918

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages.

5.4CVSS5.5AI score0.0018EPSS