CVE-2025-49937 | Syed Balkhi Smash Balloon Social Post Feed Plugin up to 4.3.2 on WordPress authorization

Inserito da Angelo Barbosa | Ott 22, 2025 | CVE

A vulnerability categorized as critical has been discovered in Syed Balkhi Smash Balloon Social Post Feed Plugin up to 4.3.2 on WordPress. The affected element is an unknown function. Such manipulation leads to missing authorization.

This vulnerability is documented as CVE-2025-49937. The attack can be executed remotely. There is not any exploit available.

CVE-2025-49937 | Syed Balkhi Smash Balloon Social Post Feed Plugin up to 4.3.2 on WordPress authorization

Post correlati

CVE-2025-8440 | Team Members Plugin up to 5.3.5 on WordPress first name/last name cross site scripting

CVE-2025-5011 | moonlightL hexo-boot 4.3.0 Dynamic List Page /admin/home/index.html cross site scripting

CVE-2025-27139 | Combodo iTop up to 2.7.11/3.1.1 cross site scripting (GHSA-c6mg-9537-c8cf)

CVE-2024-6653 | code-projects Simple Task List 1.0 Login loginForm.php username sql injection