Smashballoon Smash Balloon Social Post Feed — known CVE vulnerabilities
Every CVE whose affected-product data names Smashballoon Smash Balloon Social Post Feed, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2021-24508 — CVSS 6.1 (medium): The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does not sanitise or escape the feedID POST parameter in its feed_locator…
CVE-2021-24918 — CVSS 5.4 (medium): The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's…
CVE-2021-25065 — CVSS 5.4 (medium): The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin…
CVE-2022-4477 — CVSS 5.4 (medium): The Smash Balloon Social Post Feed WordPress plugin before 4.1.6 does not validate and escapes some of its shortcode attributes before…