225 matches found
CVE-2024-7302
CVE-2024-7302 : Blog2Social for WordPress is vulnerable to authenticated Stored XSS via 3gp2 uploads in versions
WordPress Blog2Social plugin <= 7.5.4 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Blog2Social versions <= 7.5.4...
WordPress Blog2Social Plugin <= 7.5.4 is vulnerable to Cross Site Scripting (XSS)
Software: Blog2Social; Type: Plugin; Vulnerable versions: <= 7.5.4; Fixed in: 7.5.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7302; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: 205a76aa5842; Credits: wesley wcraft; Required...
WordPress plugin Blog2Social security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-38249 · WordPress · Blog2Social
Name of the Vulnerable Software and Affected Versions: Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to, and including, 7.5.4 Description: The issue is related to Stored Cross-Site Scripting via 3gp2 file uploads due to insufficient input sanitization and output...
CVE-2024-3549
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
CVE-2024-3549 Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
CVE-2024-3549
CVE-2024-3549 affects Blog2Social: Social Media Auto Post & Scheduler for WordPress. The vulnerability is an SQL Injection in the b2sSortPostType parameter present in all versions up to 7.4.1, caused by insufficient escaping and lack of prepared statements in the SQL query. It requires authentica...
WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 7.4.1 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by 1337Wannabe in WordPress Plugin Blog2Social versions <= 7.4.1...
WordPress Blog2Social Plugin <= 7.4.1 is vulnerable to SQL Injection
Software: Blog2Social; Type: Plugin; Vulnerable versions: <= 7.4.1; Fixed in: 7.4.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-3549; Patch priority: High; CVSS severity: High (8.5); Developer: Claim ownership; PSID: 340183160613; Credits: 1337Wannabe; Required privilege: Subscriber; Published ...
The vulnerability of the Blog2Social plugin of the WordPress content management system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Blog2Social plugin of the WordPress content management system is related to insufficient protection of administrative data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2024-3678 Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts...
WordPress Blog2Social plugin <= 7.4.2 - Information Exposure vulnerability
Information Exposure vulnerability discovered by Krzysztof Zając in WordPress Plugin Blog2Social versions <= 7.4.2...
WordPress Blog2Social Plugin <= 7.4.2 is vulnerable to Sensitive Data Exposure
Software: Blog2Social; Type: Plugin; Vulnerable versions: <= 7.4.2; Fixed in: 7.5.0; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-3678; Patch priority: Low; CVSS severity: Low (5.3); Developer: Claim ownership; PSID: 77fc3cc49ee3; Credits: Krzysztof Zając; Required...
WordPress plugin Blog2Social security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-3150 · WordPress · Blog2Social
Name of the Vulnerable Software and Affected Versions: Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to, and including, 7.4.2 Description: The issue is related to insufficient protection of sensitive data, allowing unauthenticated attackers to view limited...
The vulnerability of the Blog2Social plugin of the WordPress content management system allows attackers to perform cross-site scripting attacks.
The vulnerability of the Blog2Social plugin of the WordPress content management system exists due to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
WordPress Blog2Social Plugin < 6.9.12 Missing Authorization Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adenion:blog2social"; ifdescription...
CVE-2022-3622
The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be...