5.4
CVE-2022-4477
- EPSS 0.51%
- Veröffentlicht 16.01.2023 16:15:12
- Zuletzt bearbeitet 04.04.2025 18:15:45
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginSmash Balloon Social Post Feed < 4.1.6 - Contributor+ Stored XSS
Smash Balloon Social Post Feed <= 4.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Smash Balloon Social Post Feed WordPress plugin before 4.1.6 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks against logged-in admins.
Mögliche Gegenmaßnahme
Smash Balloon Social Post Feed – Simple Social Feeds for WordPress: Update to version 4.1.6, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Smashballoon ≫ Smash Balloon Social Post Feed SwPlatformwordpress Version < 4.1.6
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Smash Balloon Social Post Feed – Simple Social Feeds for WordPress
Version
*-4.1.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.51% | 0.392 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
https://wpscan.com/vulnerability/c32a4c58-9f2b-4afa-9a21-4b4a5c4c4c41
https://www.wordfence.com/threat-intel/vulnerabilities/id/2fb28dab-1c65-47da-98f7-9eecf5f7466d