Security Advisory

CVE-2021-24918

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-29 08:25:51

Last updated 2024-08-03 19:49:13

Assigner WPScan

State PUBLISHED

Description

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugins setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages.

← Browse all CVEs View on cve.org ↗