225 matches found
CVE-2021-24956
CVE-2021-24956 concerns the WordPress plugin Blog2Social: Social Media Auto Post & Scheduler (versions
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Blog2Social: Social Media Auto Post...
Blog2Social < 6.8.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/admin.php?page=blog2social&b2sShowByDate="alert/XSS/...
WordPress Blog2Social plugin <= 6.8.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Blog2Social plugin versions <= 6.8.6. Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 6.8.7)...
Blog2Social < 6.8.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. PoC: https://example.com/wp-admin/admin.php?page=blog2social&b2sShowByDate="...
WordPress Blog2Social SQL Injection Vulnerability
WordPress Blog2Social is a plugin for WordPress that provides an automatic posting and updating feature. A SQL injection vulnerability exists in WordPress Blog2Social plugin versions prior to 6.3.1, which stems from the fact that unauthenticated input can lead to SQL injection in the...
CVE-2021-24137
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, leads to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands...
SQL injection
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, leads to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands...
CVE-2021-24137
CVE-2021-24137 affects the WordPress Blog2Social plugin prior to 6.3.1. Unvalidated input in the Re-Share Posts feature allows authenticated users to perform SQL injection, enabling arbitrary SQL execution against the database. The vulnerability is exploitable via the plugin’s Re-Share Posts flow...
CVE-2021-24137 Blog2Social: Social Media Auto Post & Scheduler < 6.3.1 - Authenticated SQL Injection
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, leads to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands...
WordPress Blog2Social SQL Injection Vulnerability
WordPress Blog2Social is a plugin for WordPress that provides an automatic posting and updating feature. A SQL injection vulnerability exists in WordPress Blog2Social plugin versions prior to 6.3.1, which stems from the fact that unauthenticated input can lead to SQL injection in the...
WordPress Blog2Social plugin <= 6.3.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability found by Nguyen Anh Tien in WordPress Blog2Social plugin versions <= 6.3.0. Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 6.3.1)...
Blog2Social: Social Media Auto Post & Scheduler < 6.3.1 - Authenticated SQL Injection
SQL Injection in the Blog2Social plugin 6.3.0 for WordPress exists via Re-Share Posts feature. PoC Please refer to the video below for steps to reproduce and demonstration of automatic exploit with sqlmap. - Mega.nz: https://mega.nz/file/mt1gFYTKe3XkA-zY0cCApTYlLZktRZ4Q4vchVhbPsNqQC6CKORo -...
Blog2Social: Social Media Auto Post & Scheduler < 6.3.1 - Authenticated SQL Injection
SQL Injection in the Blog2Social plugin 6.3.0 for WordPress exists via Re-Share Posts feature. Please refer to the video below for steps to reproduce and demonstration of automatic exploit with sqlmap. - Mega.nz: https://mega.nz/file/mt1gFYTKe3XkA-zY0cCApTYlLZktRZ4Q4vchVhbPsNqQC6CKORo - Drive:...
WordPress Blog2Social Plugin < 5.9.0 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) script_oid("1.3.6.1.4.1.25623.1.0.113569");...
WordPress Blog2Social plugin <=5.8.1 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found in WordPress Blog2Social plugin versions <= 5.8.1. Solution: Update the WordPress Blog2Social plugin to the latest available version (at least 5.9.0)...
WordPress Blog2Social Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Blog2Social is a social media content auto-publishing plugin used in it. WordPress Blog2Social 5.9.0 before the version of...
Blog2Social < 5.9.0 - Cross-Site Scripting Issue
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin was affected by a Cross-Site Scripting Issue security vulnerability...
CVE-2019-17550
The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2sid parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logge...