CVE-2025-4577 | Smash Balloon Custom Facebook Feed Plugin up to 4.3.1 on WordPress Attribute data-color cross site scripting

Inserito da Angelo Barbosa | Giu 10, 2025 | CVE

A vulnerability, which was classified as problematic, has been found in Smash Balloon Custom Facebook Feed Plugin up to 4.3.1 on WordPress. Affected by this issue is some unknown functionality of the component Attribute Handler. The manipulation of the argument data-color leads to cross site scripting.

This vulnerability is handled as CVE-2025-4577. The attack may be launched remotely. There is no exploit available.

CVE-2025-4577 | Smash Balloon Custom Facebook Feed Plugin up to 4.3.1 on WordPress Attribute data-color cross site scripting

Post correlati

CVE-2024-34478 | btcd up to 0.23.x data authenticity

CVE-2024-56772 | Linux Kernel up to 6.12.3 kunit_init_suite use after free

CVE-2023-6481 | QOS logback 1.2.12/1.3.13/1.4.13 Logback Receiver denial of service

CVE-2024-4029 | Red Hat WildFly EAP Management Interface denial of service