Vulnerabilities for 'Smash balloon social post feed'

2022-01-17
 
CVE-2021-25065

CWE-79
 

 
The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.

 
2021-11-29
 
CVE-2021-24918

CWE-79
 

 
The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages.

 


Copyright 2024, cxsecurity.com

 
