.. / CVE-2021-25065

Exploit for Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (CVE-2021-25065)

Description:

The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.

Nuclei Template

View the template here CVE-2021-25065.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-25065.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-25065
https://wpscan.com/vulnerability/ae1aab4e-b00a-458b-a176-85761655bdcc
https://wordpress.org/plugins/custom-facebook-feed/