Vulnerabilities > Back2Nature > Word Balloon > 4.19.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-21 | CVE-2024-35781 | Unspecified vulnerability in Back2Nature Word Balloon Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through 4.21.1. | 6.5 |
| 2023-12-04 | CVE-2023-5884 | Cross-Site Request Forgery (CSRF) vulnerability in Back2Nature Word Balloon The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars by clicking a link. | 6.5 |