59 matches found
The vulnerability of the Blog2Social plugin of the WordPress content management system allows attackers to perform cross-site scripting attacks.
The vulnerability of the Blog2Social plugin of the WordPress content management system exists due to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2023-40554 WordPress Blog2Social Plugin <= 7.2.0 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Social, Adenion Blog2Social: Social Media Auto Post & Scheduler plugin <= 7.2.0 versions...
CVE-2023-3936
The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Blog2Social Plugin <= 7.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Blog2Social; Type: Plugin; Vulnerable versions: <= 7.2.0; Fixed in: 7.2.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-40554; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: bf0b6787bf84; Credits: Phd; Required privileg...
WordPress Blog2Social server-side request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Blog2Social version before 6.9.10...
CVE-2022-3247
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated user, such as a subscriber, could perform SSRF attacks...
CVE-2022-3247 Blog2Social < 6.9.10 - Subscriber+ SSRF
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated user, such as a subscriber, could perform SSRF attacks...
CVE-2022-3246 Blog2Social < 6.9.10 - Subscriber+ SQLi
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers...
CVE-2021-24137
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, leads to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands...
WordPress Blog2Social plugin <= 6.3.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability found by Nguyen Anh Tien in WordPress Blog2Social plugin versions <= 6.3.0. Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 6.3.1)...
CVE-2019-17550
The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2sid parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logge...
Cross site scripting
The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2sid parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logge...
CVE-2019-17550
CVE-2019-17550 affects the WordPress Blog2Social plugin prior to version 5.9.0. The vulnerability is a reflected Cross‑Site Scripting (XSS) in the b2s_id parameter handled by views/b2s/post.calendar.php. When an administrator is logged in, clicking a malicious URL can cause arbitrary HTML/JavaScr...
CVE-2019-13572
The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection...
CVE-2019-9576
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS...
Cross site scripting
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS...