CVE-2022-3247 Blog2Social < 6.9.10 - Subscriber+ SSRF
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated user, such as a subscriber, could perform SSRF attacks...
CVE-2022-3246 Blog2Social < 6.9.10 - Subscriber+ SQLi
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as a subscriber...
WordPress plugin Blog2Social SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2022-3247
The WordPress Blog2Social: Social Media Auto Post & Scheduler plugin prior to version 6.9.10 is vulnerable to SSRF due to missing authorization in an AJAX action and failure to ensure the target URL is external. This allows any authenticated user (e.g., subscribers) to trigger SSRF. Remediation: ...
PT-2022-21335 · WordPress · Blog2Social
Name of the Vulnerable Software and Affected Versions: Blog2Social: Social Media Auto Post & Scheduler WordPress plugin versions prior to 6.9.10. Description: The issue allows any authenticated users, such as subscribers, to perform SSRF (Server-Side Request Forgery) attacks due to the lack of...
PT-2022-21334 · WordPress · Blog2Social
Name of the Vulnerable Software and Affected Versions: Blog2Social: Social Media Auto Post & Scheduler WordPress plugin versions prior to 6.9.10. Description: The issue is related to a SQL injection that occurs due to improper sanitization and escaping of a parameter used in a SQL statement. This...
CVE-2022-3246
CVE-2022-3246 affects the WordPress plugin Blog2Social: Social Media Auto Post & Scheduler versions prior to 6.9.10. The vulnerability is a SQL injection caused by improper sanitization/escaping of a parameter before it is used in a SQL statement, exploitable by any authenticated user (e.g., subs...
WordPress plugin Blog2Social code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Blog2Social version before 6.9.10...
Blog2Social < 6.9.10 - Subscriber+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as a subscriber. PoC: Run the script below in the web browser console while being logged in as a subscriber and on the Blog2Social...
WordPress Blog2Social plugin <= 6.9.9 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Sakri Rafael Koskimies in WordPress Blog2Social plugin (versions <= 6.9.9). Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 6.9.10)...
WordPress Blog2Social plugin <= 6.9.9 - Authenticated Server-Side Request Forgery (SSRF) vulnerability
Authenticated Server-Side Request Forgery (SSRF) vulnerability discovered by Sakri Rafael Koskimies in WordPress Blog2Social plugin (versions <= 6.9.9). Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 6.9.10)...
Blog2Social < 6.9.10 - Subscriber+ SSRF
The plugin does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated user, such as a subscriber, could perform SSRF attacks. Run this script in the web browser console while being logged in as a subscriber...
Blog2Social < 6.9.10 - Subscriber+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as a subscriber. Run the script below in the web browser console while being logged in as a subscriber and on the Blog2Social...
WordPress Blog2Social Plugin <= 5.5.0 SQLi Vulnerability
CVE-2021-24956
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...
Cross site scripting
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24956 Blog2Social < 6.8.7 - Reflected Cross-Site Scripting
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...