229 matches found
CVE-2019-9576
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS...
CVE-2019-9576
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS...
Cross site scripting
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS...
CVE-2019-9576
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS...
CVE-2019-9576
CVE-2019-9576 affects the WordPress Blog2Social plugin prior to 5.0.3. The underlying issue is a reflected XSS in wp-admin/admin.php?page=blog2social-ship via the b2s_update_publish_date parameter, which is echoed without proper encoding in the Loader.php path, enabling script execution in the at...
WordPress Blog2Social 5.0.2 Cross Site Scripting
Vulnerability: XSS Affected Software: Blog2Social Affected Version: 5.0.2 Patched Version: 5.0.3 CVE: not requested Risk: Medium Vendor Contacted: 10/25/2018 Vendor Fix: 11/13/2018 Public Disclosure: 02/05/2019 Credit: Tim Coen CVSS 6.1 Medium CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Overview...
Blog2Social <= 5.0.2 - Authenticated Cross-Site Scripting (XSS)
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. PoC http://example.com/wp-admin/admin.php?page=blog2social-ship=70&b2s;action=1&b2s;updatepublishdate='"...
Blog2Social <= 5.0.2 - Authenticated Cross-Site Scripting (XSS)
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin was affected by an Authenticated Cross-Site Scripting XSS security vulnerability. http://example.com/wp-admin/admin.php?page=blog2social-ship&postId=70&b2saction=1&b2supdatepublishdate='"...
Blog2Social <= 5.0.0 - PHP Obj Injection
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin was affected by a PHP Obj Injection security vulnerability...