Smash Balloon Social Post Feed

Syed Balkhi

Developer

4.3.4

Latest version

200,000

Installations

Nov 5, 2025

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

7 fixed

3 Mitigation rules

Broken Access Control vulnerability
<= 4.3.2
Oct 9, 2025
Authenticated (Contributor+) Stored Cross-Site Scripting via `data-color` Attribute vulnerability
<= 4.3.1
Jun 11, 2025
Cross Site Request Forgery (CSRF) vulnerability
<= 4.2.1
Apr 10, 2024
Contributor+ Stored XSS vulnerability
< 4.1.6
Dec 20, 2022
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
<= 4.1
Dec 16, 2021
Stored Cross-Site Scripting (XSS) via Arbitrary Setting Update vulnerability
<= 4.0
Oct 29, 2021
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
<= 2.19.1
Aug 16, 2021