wpvulndb | Marc Montpas (Jetpack Scan) | WPVDB-ID: 5D252AD7-BF28-44F3-8CD0-C4FE05C48F35
History: Oct 29, 2021 - 12:00 a.m.

Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS

wpscan.com
Tags: smash balloon, social post feed, plugin, arbitrary, settings, xss, javascript, vulnerable site

EPSS: 0.001 (Percentile: 21.4%)

The plugin did not perform any privilege (capability) or nonce validation before saving its settings. As a result, any logged-in user on a vulnerable site, regardless of role, could update the settings and store rogue JavaScript that was then rendered on each of the site's posts and pages (stored XSS).
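The missing checks described above are a generic WordPress settings-handler weakness, so here is an added illustration of the vulnerable pattern beside a hardened handler. This is not code from the Smash Balloon plugin or from the advisory; every function, option and hook name with the `demo_feed_` / `demo-feed` prefix is hypothetical, and only the WordPress core functions (`current_user_can`, `check_ajax_referer`, `wp_kses_post`, `update_option`, and so on) are real.

```php
<?php
/*
 * Added illustration, not the Smash Balloon plugin's code: a minimal WordPress
 * AJAX settings handler in the shape the advisory describes (no capability
 * check, no nonce check, unsanitized value stored and echoed into every post)
 * next to a hardened version. All "demo_feed_" names are hypothetical.
 */

// ---- Vulnerable pattern: wp_ajax_* hooks are reachable by ANY logged-in user. ----
add_action( 'wp_ajax_demo_feed_save_settings_insecure', 'demo_feed_save_settings_insecure' );
function demo_feed_save_settings_insecure() {
    // No current_user_can(): every authenticated role (subscriber included) can call this.
    // No nonce check: a logged-in admin can also be made to submit it cross-site (CSRF).
    // No sanitization: raw HTML/JS is persisted exactly as sent.
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    update_option( 'demo_feed_settings', $settings );
    wp_send_json_success();
}

// Unescaped output turns whatever was stored into stored XSS on every post/page.
function demo_feed_render_header_insecure( $content ) {
    $settings = get_option( 'demo_feed_settings', array() );
    $header   = isset( $settings['header_html'] ) ? $settings['header_html'] : '';
    return $header . $content;
}

// ---- Hardened pattern: authorize, verify the nonce, sanitize, escape. ----
add_action( 'wp_ajax_demo_feed_save_settings', 'demo_feed_save_settings' );
function demo_feed_save_settings() {
    // 1. Authorization: only users allowed to manage options may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 2. CSRF protection: the request must carry a nonce minted for this action.
    //    check_ajax_referer() terminates the request with -1 / 403 on failure.
    check_ajax_referer( 'demo_feed_save_settings', 'nonce' );

    // 3. Sanitize each field to the shape it is supposed to hold.
    $raw      = isset( $_POST['settings'] ) ? (array) wp_unslash( $_POST['settings'] ) : array();
    $settings = array(
        // Plain-text field: tags and control characters stripped.
        'feed_title'  => sanitize_text_field( $raw['feed_title'] ?? '' ),
        // Field that legitimately holds limited HTML: only post-safe tags survive,
        // so <script> and on* event handlers are removed before storage.
        'header_html' => wp_kses_post( $raw['header_html'] ?? '' ),
        // Numeric field: coerce and clamp rather than trusting the string.
        'post_count'  => max( 1, min( 50, (int) ( $raw['post_count'] ?? 10 ) ) ),
    );
    update_option( 'demo_feed_settings', $settings );
    wp_send_json_success( $settings );
}

// 4. Escape on output too; sanitizing at storage time is not a substitute,
//    because options can also be written by other code paths.
function demo_feed_render_header( $content ) {
    $settings = get_option( 'demo_feed_settings', array() );
    $title    = esc_html( $settings['feed_title'] ?? '' );
    $header   = wp_kses_post( $settings['header_html'] ?? '' );
    return '<h2>' . $title . '</h2>' . $header . $content;
}
add_filter( 'the_content', 'demo_feed_render_header' );

// The nonce the hardened handler expects is minted server-side on the settings
// page and handed to the (hypothetical, already registered) admin script.
function demo_feed_enqueue_settings_nonce() {
    wp_localize_script( 'demo-feed-settings', 'demoFeedSettings', array(
        'nonce' => wp_create_nonce( 'demo_feed_save_settings' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'demo_feed_enqueue_settings_nonce' );
```

The two handlers are shown together only so the difference is visible; in a real plugin the insecure one would simply not exist. `wp_localize_script` assumes a script handle `demo-feed-settings` was registered earlier with `wp_register_script`, which is omitted here. From a detection standpoint, the same audit applies to any plugin: every `wp_ajax_*`, `admin_post_*` and REST callback that writes options should show a capability check and a nonce (or REST permission callback) before the first `update_option`, and unexpected option changes attributable to low-privilege accounts are worth alerting on.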
