Vulnerabilities > Smashballoon > Reviews Feed > 1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-27 | CVE-2024-8199 | Missing Authorization vulnerability in Smashballoon Reviews Feed The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_api_key' function in all versions up to, and including, 1.1.2. | 4.3 |
| 2024-08-27 | CVE-2024-8200 | Cross-Site Request Forgery (CSRF) vulnerability in Smashballoon Reviews Feed The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. | 4.3 |