{"id":1661,"date":"2021-11-02T10:29:00","date_gmt":"2021-11-02T10:29:00","guid":{"rendered":"https:\/\/seopolarity.com\/blog\/?p=1661"},"modified":"2021-11-15T13:35:01","modified_gmt":"2021-11-15T13:35:01","slug":"a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites","status":"publish","type":"post","link":"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/","title":{"rendered":"A vulnerability in the WordPress Facebook Feed Plugin exposes over 200,000 websites"},"content":{"rendered":"\n<p>Smash Balloon Social Post Feed, a WordPress plugin, was discovered to have a vulnerability that allowed an attacker to upload malicious scripts to the websites. Jetpack security researchers discovered the vulnerability and notified the plugin publishers, who patched it and released version 4.0.1. Versions prior to that one are at risk.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-social-post-feed-for-smash-balloon\">Social Post Feed for Smash Balloon<\/h2>\n\n\n\n<p>The Smash Balloon Social Post Feed WordPress plugin converts Facebook feeds into posts on a WordPress site.<\/p>\n\n\n\n<p>The free version of the plugin is intended to display Facebook posts in a manner consistent with the look and feel of the site on which the Facebook content is republished. 
The paid &#8220;pro&#8221; version also allows you to republish images, videos, and comments.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Cross-Site Scripting via Arbitrary Setting Update<\/h2>\n\n\n\n<p>A Stored Cross-Site Scripting exploit (Stored XSS) is a type of cross-site scripting vulnerability that allows a malicious attacker to upload and permanently store harmful scripts on the server.<\/p>\n\n\n\n<p><strong>The following is how the non-profit Open Web Application Security Project (OWASP) defines Stored XSS vulnerabilities:<\/strong><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cStored attacks are those where the injected script is permanently stored on the target servers, such as in a database\u2026.<\/p><p>The victim then retrieves the malicious script from the server when it requests the stored information.\u201d<\/p><\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">Checks for Privilege and Nonce are missing<\/h2>\n\n\n\n<p>The Jetpack security warning stated that the Smash Balloon Social Post Feed WordPress plugin had two security flaws that caused it to become a security risk. Checks for Privilege and Nonce were missing.<\/p>\n\n\n\n<p>XSS attacks are common anywhere there is a way to upload or enter something into a WordPress site. 
It could be through a form, comments, or anywhere else a user can enter data.<\/p>\n\n\n\n<p>A WordPress plugin is supposed to protect the site by performing checks, such as determining the level of privilege a user has (subscriber, editor, administrator).<\/p>\n\n\n\n<p>Without a proper privilege check, a user at the lowest level, such as a subscriber, can perform actions that would normally necessitate the highest levels of access, such as administrator-level privileges.<\/p>\n\n\n\n<p>A nonce is a one-time-use security token designed to protect inputs from attacks.<\/p>\n\n\n\n<p><strong>The following is an explanation of the value of nonces from the WordPress Nonce Documentation:<\/strong><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cIf your theme allows users to submit data; be it in the Admin or the front-end; nonces can be used to verify a user intends to perform an action, and is instrumental in protecting against Cross-Site Request Forgery(CSRF).<\/p><p>An example is a WordPress site in which authorized users are allowed to upload videos.\u201d<\/p><\/blockquote>\n\n\n\n<p>Jetpack discovered a flaw in the Smash Balloon plugin that failed to perform privilege and nonce checks, leaving the site vulnerable to attack.<\/p>\n\n\n\n<p><strong>Jetpack described how the vulnerability exposed websites in the following way:<\/strong><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cThe wp_ajax_cff_save_settings AJAX action, which is responsible for updating the plugin\u2019s inner settings, did not perform any privilege or nonce checks before doing so. This made it possible for any logged-in users to call this action and update any of the plugin\u2019s settings.<\/p><p>Unfortunately, one of these settings, customJS, enables administrators to store custom JavaScript on their site\u2019s posts and pages. 
Updating this setting is all it would\u2019ve taken for a bad actor to store malicious scripts on the site.\u201d<\/p><\/blockquote>\n\n\n\n<p>The Smash Balloon Social Post Feed WordPress plugin changelog, which details what each version update contains, correctly notes that a security issue was resolved.<\/p>\n\n\n\n<p>It is responsible not only to fix vulnerabilities in a timely manner, as Smash Balloon did, but also to note the fix in the changelog, as Smash Balloon did.<\/p>\n\n\n\n<p><strong>According to the changelog:<\/strong><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cFix: Improved security hardening.\u201d<\/p><\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">Recommended Action<\/h2>\n\n\n\n<p>The Stored XSS vulnerability, which allows malicious scripts to be uploaded, has recently been fixed in Smash Balloon Social Post Feed.<\/p>\n\n\n\n<p>Jetpack recommends updating the Smash Balloon Social Post Feed to the most recent version available at the time of writing, version 4.0.1. Failure to do so may leave a WordPress installation insecure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The vulnerability in the Smash Balloon Social Post Feed WordPress plugin exposes over 200,000 websites to a Stored XSS vulnerability.<\/p>\n","protected":false},"author":1,"featured_media":1663,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[40,74,76],"tags":[],"class_list":["post-1661","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-web-development","category-wp"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>A vulnerability in the WordPress Facebook Feed Plugin exposes over 200,000 websites | SEOPolarity<\/title>\n<meta name=\"description\" content=\"The vulnerability in the Smash Balloon Social Post Feed WordPress plugin exposes over 200,000 websites to a Stored XSS vulnerability.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" 
\/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A vulnerability in the WordPress Facebook Feed Plugin exposes over 200,000 websites\" \/>\n<meta property=\"og:description\" content=\"The vulnerability in the Smash Balloon Social Post Feed WordPress plugin exposes over 200,000 websites to a Stored XSS vulnerability.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/\" \/>\n<meta property=\"og:site_name\" content=\"SEOPolarity\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-02T10:29:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-11-15T13:35:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/11\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"675\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"seoadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"A vulnerability in the WordPress Facebook Feed Plugin exposes over 200,000 websites\" \/>\n<meta name=\"twitter:description\" content=\"The vulnerability in the Smash Balloon Social Post Feed WordPress plugin exposes over 200,000 websites to a Stored XSS vulnerability.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/11\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"seoadmin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/\"},\"author\":{\"name\":\"seoadmin\",\"@id\":\"https:\/\/seopolarity.com\/blog\/#\/schema\/person\/95a6a9a6680ce217386574a4984fa538\"},\"headline\":\"A vulnerability in the WordPress Facebook Feed Plugin exposes over 200,000 websites\",\"datePublished\":\"2021-11-02T10:29:00+00:00\",\"dateModified\":\"2021-11-15T13:35:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/\"},\"wordCount\":702,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/seopolarity.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/11\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites.jpg\",\"articleSection\":[\"News\",\"Web 
Development\",\"WordPress\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/\",\"url\":\"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/\",\"name\":\"A vulnerability in the WordPress Facebook Feed Plugin exposes over 200,000 websites | SEOPolarity\",\"isPartOf\":{\"@id\":\"https:\/\/seopolarity.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/11\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites.jpg\",\"datePublished\":\"2021-11-02T10:29:00+00:00\",\"dateModified\":\"2021-11-15T13:35:01+00:00\",\"description\":\"The vulnerability in the Smash Balloon Social Post Feed WordPress plugin exposes over 200,000 websites to a Stored XSS 
vulnerability.\",\"breadcrumb\":{\"@id\":\"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#primaryimage\",\"url\":\"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/11\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites.jpg\",\"contentUrl\":\"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/11\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites.jpg\",\"width\":1200,\"height\":675,\"caption\":\"A vulnerability in the WordPress Facebook Feed Plugin exposes over 200,000 websites\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/seopolarity.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A vulnerability in the WordPress Facebook Feed Plugin exposes over 200,000 websites\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/seopolarity.com\/blog\/#website\",\"url\":\"https:\/\/seopolarity.com\/blog\/\",\"name\":\"SEO Polarity Blog\",\"description\":\"Free Online SEO Tools &amp; 
Blogs\",\"publisher\":{\"@id\":\"https:\/\/seopolarity.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/seopolarity.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/seopolarity.com\/blog\/#organization\",\"name\":\"SEO Polarity\",\"url\":\"https:\/\/seopolarity.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/seopolarity.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/10\/seopolarity-logo-header.png\",\"contentUrl\":\"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/10\/seopolarity-logo-header.png\",\"width\":193,\"height\":30,\"caption\":\"SEO Polarity\"},\"image\":{\"@id\":\"https:\/\/seopolarity.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/seopolarity.com\/blog\/#\/schema\/person\/95a6a9a6680ce217386574a4984fa538\",\"name\":\"seoadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/seopolarity.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/779772115dd1b79d5fbb91a1e2d3acb5318c780d6986d556300e1902f867ee5b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/779772115dd1b79d5fbb91a1e2d3acb5318c780d6986d556300e1902f867ee5b?s=96&d=mm&r=g\",\"caption\":\"seoadmin\"},\"sameAs\":[\"https:\/\/seopolarity.com\/blog\"],\"url\":\"https:\/\/seopolarity.com\/blog\/author\/seoadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"A vulnerability in the WordPress Facebook Feed Plugin exposes over 200,000 websites | SEOPolarity","description":"The vulnerability in the Smash Balloon Social Post Feed WordPress plugin exposes over 200,000 websites to a Stored XSS vulnerability.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/","og_locale":"en_US","og_type":"article","og_title":"A vulnerability in the WordPress Facebook Feed Plugin exposes over 200,000 websites","og_description":"The vulnerability in the Smash Balloon Social Post Feed WordPress plugin exposes over 200,000 websites to a Stored XSS vulnerability.","og_url":"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/","og_site_name":"SEOPolarity","article_published_time":"2021-11-02T10:29:00+00:00","article_modified_time":"2021-11-15T13:35:01+00:00","og_image":[{"width":1200,"height":675,"url":"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/11\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites.jpg","type":"image\/jpeg"}],"author":"seoadmin","twitter_card":"summary_large_image","twitter_title":"A vulnerability in the WordPress Facebook Feed Plugin exposes over 200,000 websites","twitter_description":"The vulnerability in the Smash Balloon Social Post Feed WordPress plugin exposes over 200,000 websites to a Stored XSS vulnerability.","twitter_image":"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/11\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites.jpg","twitter_misc":{"Written by":"seoadmin","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#article","isPartOf":{"@id":"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/"},"author":{"name":"seoadmin","@id":"https:\/\/seopolarity.com\/blog\/#\/schema\/person\/95a6a9a6680ce217386574a4984fa538"},"headline":"A vulnerability in the WordPress Facebook Feed Plugin exposes over 200,000 websites","datePublished":"2021-11-02T10:29:00+00:00","dateModified":"2021-11-15T13:35:01+00:00","mainEntityOfPage":{"@id":"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/"},"wordCount":702,"commentCount":0,"publisher":{"@id":"https:\/\/seopolarity.com\/blog\/#organization"},"image":{"@id":"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#primaryimage"},"thumbnailUrl":"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/11\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites.jpg","articleSection":["News","Web Development","WordPress"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/","url":"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/","name":"A vulnerability in the WordPress Facebook Feed Plugin exposes over 200,000 websites | 
SEOPolarity","isPartOf":{"@id":"https:\/\/seopolarity.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#primaryimage"},"image":{"@id":"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#primaryimage"},"thumbnailUrl":"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/11\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites.jpg","datePublished":"2021-11-02T10:29:00+00:00","dateModified":"2021-11-15T13:35:01+00:00","description":"The vulnerability in the Smash Balloon Social Post Feed WordPress plugin exposes over 200,000 websites to a Stored XSS vulnerability.","breadcrumb":{"@id":"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#primaryimage","url":"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/11\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites.jpg","contentUrl":"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/11\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites.jpg","width":1200,"height":675,"caption":"A vulnerability in the WordPress Facebook Feed Plugin exposes over 200,000 
websites"},{"@type":"BreadcrumbList","@id":"https:\/\/seopolarity.com\/blog\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites\/2021\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/seopolarity.com\/blog\/"},{"@type":"ListItem","position":2,"name":"A vulnerability in the WordPress Facebook Feed Plugin exposes over 200,000 websites"}]},{"@type":"WebSite","@id":"https:\/\/seopolarity.com\/blog\/#website","url":"https:\/\/seopolarity.com\/blog\/","name":"SEO Polarity Blog","description":"Free Online SEO Tools &amp; Blogs","publisher":{"@id":"https:\/\/seopolarity.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/seopolarity.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/seopolarity.com\/blog\/#organization","name":"SEO Polarity","url":"https:\/\/seopolarity.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/seopolarity.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/10\/seopolarity-logo-header.png","contentUrl":"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/10\/seopolarity-logo-header.png","width":193,"height":30,"caption":"SEO 
Polarity"},"image":{"@id":"https:\/\/seopolarity.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/seopolarity.com\/blog\/#\/schema\/person\/95a6a9a6680ce217386574a4984fa538","name":"seoadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/seopolarity.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/779772115dd1b79d5fbb91a1e2d3acb5318c780d6986d556300e1902f867ee5b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/779772115dd1b79d5fbb91a1e2d3acb5318c780d6986d556300e1902f867ee5b?s=96&d=mm&r=g","caption":"seoadmin"},"sameAs":["https:\/\/seopolarity.com\/blog"],"url":"https:\/\/seopolarity.com\/blog\/author\/seoadmin\/"}]}},"jetpack_featured_media_url":"https:\/\/seopolarity.com\/blog\/wp-content\/uploads\/2021\/11\/a-vulnerability-in-the-wordpress-facebook-feed-plugin-exposes-over-200000-websites.jpg","jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/seopolarity.com\/blog\/wp-json\/wp\/v2\/posts\/1661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/seopolarity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/seopolarity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/seopolarity.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/seopolarity.com\/blog\/wp-json\/wp\/v2\/comments?post=1661"}],"version-history":[{"count":3,"href":"https:\/\/seopolarity.com\/blog\/wp-json\/wp\/v2\/posts\/1661\/revisions"}],"predecessor-version":[{"id":1689,"href":"https:\/\/seopolarity.com\/blog\/wp-json\/wp\/v2\/posts\/1661\/revisions\/1689"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/seopolarity.com\/blog\/wp-json\/wp\/v2\/media\/1663"}],"wp:attachment":[{"href":"https:\/\/seopolarity.com\/blog\/wp-json\/wp\/v2\/media?parent=1661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/seopolarity.com\/blog\/wp-
json\/wp\/v2\/categories?post=1661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/seopolarity.com\/blog\/wp-json\/wp\/v2\/tags?post=1661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}