CVE Published: 29/11/2021 |
CVE Updated: 03/08/2024 |
CVE Year: 2021 Source: WPScan |
Vendor: Unknown |
Product: Smash Balloon Social Post Feed Status : PUBLISHED
CVE-2021-24918 Description
The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin\'s setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages.