Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-07-16
CVE-2025-4577 - Smash Balloon Social Post Feed Plugin
The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Smash Balloon Social Post Feed
CVE-2025-4577
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-25065 - Smash Balloon Social Post Feed Plugin
The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.
PLUGIN
Smash Balloon Social Post Feed
CVE-2021-25065
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24918 - Smash Balloon Social Post Feed Plugin
The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages.
PLUGIN
Smash Balloon Social Post Feed
CVE-2021-24918
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-24508 - Smash Balloon Social Post Feed Plugin
The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does not sanitise or escape the feedID POST parameter in its feed_locator AJAX action (available to both authenticated and unauthenticated users) before outputting a truncated version of it in the admin dashboard, leading to an unauthenticated Stored Cross-Site Scripting issue which will be executed in the context of a logged in administrator.
PLUGIN
Smash Balloon Social Post Feed
CVE-2021-24508
Risk Score