CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31379 – WordPress Smash Balloon Social Post Feed plugin <= 4.2.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31379
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash Balloon Social Post Feed.This issue affects Smash Balloon Social Post Feed: from n/a through 4.2.1. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Smash Balloon Smash Balloon Social Post Feed. Este problema afecta al feed de publicaciones sociales de Smash Balloon: desde n/a hasta 4.2.1. The Smash Balloon Social Post Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the maybe_source_connection_data() function. • https://patchstack.com/database/vulnerability/custom-facebook-feed/wordpress-smash-balloon-social-post-feed-plugin-4-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •