CVE-2021-24918 - OpenCVE

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Smashballoon	Smash Balloon Social Post Feed

Configuration 1 [-]

cpe:2.3:a:smashballoon:smash_balloon_social_post_feed:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://jetpack.com/2021/10/29/security-issues-patched-in-smash-balloon-social-post-feed-plugin/
https://wpscan.com/vulnerability/5d252ad7-bf28-44f3-8cd0-c4fe05c48f35

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2021-11-29T08:25:51

Updated: 2024-08-03T19:49:13.472Z

Reserved: 2021-01-14T00:00:00

Link: CVE-2021-24918

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-11-29T09:15:08.027

Modified: 2021-12-15T13:50:58.197

Link: CVE-2021-24918

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Smash Balloon Social Post Feed", "vendor": "Unknown", "versions": [{"lessThan": "4.0.1", "status": "affected", "version": "4.0.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Marc Montpas"}], "descriptions": [{"lang": "en", "value": "The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-29T08:25:51", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/5d252ad7-bf28-44f3-8cd0-c4fe05c48f35"}, {"tags": ["x_refsource_MISC"], "url": "https://jetpack.com/2021/10/29/security-issues-patched-in-smash-balloon-social-post-feed-plugin/"}], "source": {"discovery": "EXTERNAL"}, "title": "Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2021-24918", "STATE": "PUBLIC", "TITLE": "Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Smash Balloon Social Post Feed", "version": {"version_data": [{"version_affected": "<", "version_name": "4.0.1", "version_value": "4.0.1"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Marc Montpas"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/5d252ad7-bf28-44f3-8cd0-c4fe05c48f35", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/5d252ad7-bf28-44f3-8cd0-c4fe05c48f35"}, {"name": "https://jetpack.com/2021/10/29/security-issues-patched-in-smash-balloon-social-post-feed-plugin/", "refsource": "MISC", "url": "https://jetpack.com/2021/10/29/security-issues-patched-in-smash-balloon-social-post-feed-plugin/"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:49:13.472Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/5d252ad7-bf28-44f3-8cd0-c4fe05c48f35"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jetpack.com/2021/10/29/security-issues-patched-in-smash-balloon-social-post-feed-plugin/"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2021-24918", "datePublished": "2021-11-29T08:25:51", "dateReserved": "2021-01-14T00:00:00", "dateUpdated": "2024-08-03T19:49:13.472Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:smashballoon:smash_balloon_social_post_feed:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "99819476-EE02-4BE7-AD1A-5AB181910C65", "versionEndExcluding": "4.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages."}, {"lang": "es", "value": "El plugin Smash Balloon Social Post Feed de WordPress versiones anteriores a 4.0.1, no presentaba ninguna comprobaci\u00f3n de privilegios o nonce antes de guardar la configuraci\u00f3n del plugin. Como resultado, cualquier usuario conectado en un sitio vulnerable pod\u00eda actualizar la configuraci\u00f3n y almacenar JavaScript falso en cada una de sus publicaciones y p\u00e1ginas"}], "id": "CVE-2021-24918", "lastModified": "2021-12-15T13:50:58.197", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-29T09:15:08.027", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://jetpack.com/2021/10/29/security-issues-patched-in-smash-balloon-social-post-feed-plugin/"}, {"source": "contact@wpscan.com", "tags": ["Third Party Advisory"], "url": "https://wpscan.com/vulnerability/5d252ad7-bf28-44f3-8cd0-c4fe05c48f35"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Secondary"}]}