exploitDog

CVE-2021-25065

Опубликовано: 17 янв. 2022

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.

Ссылки

https://wpscan.com/vulnerability/ae1aab4e-b00a-458b-a176-85761655bdcc
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/ae1aab4e-b00a-458b-a176-85761655bdcc
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:smashballoon:smash_balloon_social_post_feed:*:*:*:*:*:wordpress:*:*

Версия до 4.1.1 (исключая)

EPSS

Процентиль: 87%

0.03142

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-h835-9mx2-q75j

github

около 4 лет назад

The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.

EPSS

Процентиль: 87%

0.03142

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79