Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-25065

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
5.4MEDIUM
EPSS
3.1%
top 13.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Unknown Smash Balloon Social Post FeedSmashballoon Smash Balloon Social Post Feed
Timeline
PublishedJan 17
Latest updateJan 18

Description

The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5unknown/smash_balloon_social_post_feed4.1.14.1.1

🔴Vulnerability Details

2
GHSA
GHSA-h835-9mx2-q75j: The Smash Balloon Social Post Feed WordPress plugin before 42022-01-18
CVEList
Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (XSS)2022-01-17

💥Exploits & PoCs

1
Nuclei
Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting
CVE-2021-25065 (MEDIUM CVSS 5.4) | The Smash Balloon Social Post Feed | cvebase.io