CVE-2025-4583 | Smash Balloon Instagram Feed Plugin up to 6.9.0 on WordPress Attribute data-plugin cross site scripting

Inserito da Angelo Barbosa | Mag 28, 2025 | CVE

A vulnerability has been found in Smash Balloon Instagram Feed Plugin up to 6.9.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Attribute Handler. The manipulation of the argument data-plugin leads to cross site scripting.

This vulnerability is known as CVE-2025-4583. The attack can be launched remotely. There is no exploit available.

CVE-2025-4583 | Smash Balloon Instagram Feed Plugin up to 6.9.0 on WordPress Attribute data-plugin cross site scripting

Post correlati

CVE-2023-51939 | Relic relic-toolkit 0.6.0 relic_cp_bbs.c cp_bbs_sig Privilege Escalation

CVE-2022-23829 | AMD RyzenTM Embedded V3000 AMD SPI Protection Local Privilege Escalation

CVE-2024-22397 | SonicWall SonicOS SSLVPN Portal cross site scripting (SNWLID-2024-0005)

CVE-2024-26128 | baserCMS up to 5.0.8 Content Management Feature cross site scripting