Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Smash Balloon Social Photo Feed 1.4.6.2

  • Severity: medium-risk
  • Status: Fixed
  • Publication: November 19, 2016

The Smash Balloon Social Photo Feed plugin for WordPress is vulnerable to a type of attack known as Stored Cross-Site Scripting. This attack can be launched via Cross-Site Request Forgery on the settings page of the plugin. This attack is possible because of insufficient security measures in versions of the plugin up to and including version 1.4.6.2. Without the proper security measures in place, attackers who are authenticated can inject malicious web scripts in pages which will be executed whenever an unsuspecting user accesses the page.

Detected in:

Smash Balloon Social Photo Feed fixed vulnerable versions: >= * <= 1.4.6.2
Smash Balloon Social Photo Feed – Best Social Feed Plugin for WordPress fixed vulnerable versions:
Smash Balloon Social Photo Feed – Easy Social Feeds Plugin fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.