225 matches found
Blog2Social < 7.2.1 - Reflected XSS
Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged-in admin open the URL below...
Blog2Social < 7.2.1 - Reflected XSS
Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC: Make a logged-in admin open the URL below...
PT-2023-6987
Name of the Vulnerable Software and Affected Versions: Blog2Social WordPress plugin versions prior to 7.2.1. Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before outputting it back in the page. This leads to a Reflected Cross-Site Scripting (XSS)...
WordPress Blog2Social Plugin < 6.3.1 SQLi Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adenion:blog2social"; if description...
WordPress Blog2Social Plugin < 6.9.10 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adenion:blog2social"; if description...
WordPress Blog2Social Plugin < 6.8.7 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adenion:blog2social"; if description...
WordPress Blog2Social 6.9.11 Missing Authorization Vulnerability
Description: Missing Authorization to Authenticated Subscriber+ Settings Update Affected Plugin: Blog2Social Plugin Slug: blog2social Affected Versions: <= 6.9.11 CVE ID: CVE-2022-3622 CVSS Score: 4.7 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Researcher/s: Marco Wotschka Ful...
WordPress plugin Blog2Social security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Blog2Social 6.9.11 Missing Authorization
Description: Missing Authorization to Authenticated Subscriber+ Settings Update Affected Plugin: Blog2Social Plugin Slug: blog2social Affected Versions: <= 6.9.11 CVE ID: CVE-2022-3622 CVSS Score: 4.7 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N Researcher/s: Marco Wotschka Ful...
Missing Authorization Vulnerability in Blog2Social Plugin
On October 5, 2022, the Wordfence Threat Intelligence team responsibly disclosed a Missing Authorization vulnerability in Blog2Social, a WordPress plugin installed on over 70,000 sites that allows users to set up post sharing to various social networks. Vulnerable versions of the plugin make it...
WordPress Blog2Social plugin <= 6.9.11 - Missing Authorization to Auth. Settings Update vulnerability
Missing Authorization to Auth. Settings Update vulnerability discovered by Marco Wotschka in the WordPress Blog2Social plugin versions <= 6.9.11. Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 6.9.12)...
Blog2Social < 6.9.12 - Subscriber+ Settings Update
The plugin does not have an authorisation check when updating its settings, which could allow any authenticated user, such as a subscriber, to update them...
WordPress Blog2Social SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress Blog2Social server-side request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Blog2Social version before 6.9.10...
CVE-2022-3247
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated user, such as a subscriber, could perform SSRF attacks...
CVE-2022-3246
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as a subscriber...
Server-side request forgery (SSRF)
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated user, such as a subscriber, could perform SSRF attacks...
SQL injection
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as a subscriber...