Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Smash Balloon Social Post Feed plugin (versions <= 4.1).
Update the WordPress Smash Balloon Social Post Feed plugin to the latest available version (at least 4.1.1).