Vulnerabilities > Smashballoon > Reviews Feed

DATE CVE VULNERABILITY TITLE RISK
2024-08-27 CVE-2024-8199 Missing Authorization vulnerability in Smashballoon Reviews Feed
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_api_key' function in all versions up to, and including, 1.1.2.
network
low complexity
smashballoon CWE-862
4.3
4.3
2024-08-27 CVE-2024-8200 Cross-Site Request Forgery (CSRF) vulnerability in Smashballoon Reviews Feed
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2.
network
low complexity
smashballoon CWE-352
4.3
4.3