cleantalk
Vulnerabilities and Security Researches

Smash Balloon Social Post Feed, CVE-2025-49937

CVE, Research URL

CVE-2025-49937

Home page URL

Security reports for Smash Balloon Social Post Feed

Application

Smash Balloon Social Post Feed

Published on
Oct 22, 2025
Research Description
Missing Authorization vulnerability in Syed Balkhi Smash Balloon Social Post Feed custom-facebook-feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smash Balloon Social Post Feed: from n/a through <= 4.3.2.
Affected versions
max 4.3.2.
Status
vulnerable
Previous vulnerability researches
Advanced Flamingo (CVE-2023-52226) , Jun 07, 2024
New vulnerability
Simple User Import Export (CVE-2025-13133) , Dec 10, 2025
Analytics Germanized for Google Analytics (GDPR / DSGVO) (CVE-2025-64292) , Dec 10, 2025
Classified Listing – Classified ads &amp; Business Directory Plugin (CVE-2025-12953) , Dec 10, 2025
All-in-One Video Gallery (CVE-2025-12966) , Dec 10, 2025
Like-it (CVE-2025-12404) , Dec 10, 2025