5 matches found
CVE-2025-4133
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks...
WordPress Blog2Social: Social Media Auto Post & Scheduler plugin < 8.4.0 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Blog2Social versions 8.4.0...
CVE-2025-4133
creationtimestamp| type| source ---|---|--- 2025-05-22 06:42:18+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/17257 2025-05-22 09:15:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpqrppb4jt2m...
CVE-2025-4133 Blog2Social: Social Media Auto Post & Scheduler < 8.4.0 - Contributor+ Stored XSS
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks...
CVE-2025-4133 Blog2Social: Social Media Auto Post & Scheduler < 8.4.0 - Contributor+ Stored XSS
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks...