CVE-2025-4583 – Smash Balloon Social Photo Feed – Easy Social Feeds Plugin Stored Cross-Site Scripting (XSS)

May 29, 2025

CVE ID : CVE-2025-4583

Published : May 29, 2025, 5:15 a.m. | 15 minutes ago

Description : The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5273 – Mcp-Markdownify-Server File Access Vulnerability

Next Article CVE-2025-3755 – Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Index Validation Bypass

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Too many open browser tabs? This is still my favorite solution – and has been for years

This new browser won’t monetize your every move – how to try it

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

The details of TC39’s last meeting

The details of TC39’s last meeting

Reclaim Space: Delete Docker Orphan Layers

Notes Android App Using SQLite

KeySmith – SSH key management

KeySmith – SSH key management

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

CVE-2025-4583 – Smash Balloon Social Photo Feed – Easy Social Feeds Plugin Stored Cross-Site Scripting (XSS)

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

CVE-2025-5097 – CVE-2022-36466: Apache HTTP Server XML Entity Injection Vulnerability

CVE-2025-52542 – Apache Struts Remote Code Execution Vulnerability

CVE-2025-22854 – PingFederate Google Adapter HTTP Response Handling Buffer Overflow

CVE-2024-13451 – Bit Form Contact Form Sensitive Information Exposure

Amap – Gather Info in Easy Way

CVE-2025-48748 – Netwrix Directory Manager Hard-Coded Password Vulnerability

Laravel Routing

CVE-2025-43928 – Infodraw Media Relay Service File Reading Vulnerability

CVE-2025-4583 – Smash Balloon Social Photo Feed – Easy Social Feeds Plugin Stored Cross-Site Scripting (XSS)

Related Posts