CVEs (4)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Smashballoon 1Smash Balloon Social Post Feed Jun 17, 2026 Jan 16, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Smash Balloon Social Post Feed WordPress plugin before 4.1.6 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a con...Show more |
1Smashballoon 1Smash Balloon Social Post Feed Jun 17, 2026 Jan 17, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page. |
1Smashballoon 1Smash Balloon Social Post Feed Jun 17, 2026 Nov 29, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the se...Show more |
1Smashballoon 1Smash Balloon Social Post Feed Jun 17, 2026 Sep 13, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does not sanitise or escape the feedID POST parameter in its feed_locator AJAX action (available to both authenticated and unauthenticated users) before o...Show more |