Lqd Liquid Speech Balloon — known CVE vulnerabilities
Every CVE whose affected-product data names Lqd Liquid Speech Balloon, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2023-27889 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to…
CVE-2019-17070 — CVSS 6.1 (medium): The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1.0.7 for WordPress allows XSS with Internet Explorer.