CVE-2021-25065: Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (XSS)
First published: Mon Jan 17 2022(Updated: )
The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Smashballoon Smash Balloon Social Post Feed | <4.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-25065?
CVE-2021-25065 is a vulnerability in the Smash Balloon Social Post Feed WordPress plugin before version 4.1.1 that allows for reflected cross-site scripting (XSS) attacks.
How does CVE-2021-25065 affect the Smash Balloon Social Post Feed plugin?
CVE-2021-25065 affects the Smash Balloon Social Post Feed plugin before version 4.1.1, allowing potential attackers to exploit a reflected XSS vulnerability in the custom-facebook-feed on the cff-top admin page.
What is the severity of CVE-2021-25065?
CVE-2021-25065 has a severity rating of medium, with a CVSS score of 5.4.
How can I fix CVE-2021-25065 in the Smash Balloon Social Post Feed plugin?
To fix CVE-2021-25065, you should update the Smash Balloon Social Post Feed plugin to version 4.1.1 or later.
What is the Common Weakness Enumeration (CWE) for CVE-2021-25065?
The Common Weakness Enumeration (CWE) for CVE-2021-25065 is CWE-79, which represents an issue related to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/smashballoon
- canonical/smashballoon smash balloon social post feed