CVE-2021-24508 : Security Advisory and Response
Discover the details of CVE-2021-24508 affecting Smash Balloon Social Post Feed plugin, allowing unauthenticated stored XSS attacks. Learn about the impact, technical details, and mitigation strategies.
The Smash Balloon Social Post Feed WordPress plugin before version 2.19.2 is vulnerable to an Unauthenticated Stored Cross-Site Scripting (XSS) issue that can be exploited by both authenticated and unauthenticated users. This vulnerability could allow an attacker to execute malicious scripts within the context of a logged-in administrator.