3 matches found
CVE-2022-3247
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks...
CVE-2022-3247
The WordPress Blog2Social: Social Media Auto Post & Scheduler plugin prior to version 6.9.10 is vulnerable to SSRF due to missing authorization in an AJAX action and failure to ensure the target URL is external. This allows any authenticated user (e.g., subscribers) to trigger SSRF. Remediation: ...
CVE-2022-3247 Blog2Social < 6.9.10 - Subscriber+ SSRF
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks...