) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:adenion:blog2social:4.8.0:*:*:*:*:wordpress:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-3622 |
The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only. Published: October 20, 2023; 4:15:11 AM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2023-40554 |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Social, Adenion Blog2Social: Social Media Auto Post & Scheduler plugin <= 7.2.0 versions. Published: September 06, 2023; 5:15:08 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2023-3936 |
The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Published: August 21, 2023; 1:15:49 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
| CVE-2022-3247 |
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks Published: October 25, 2022; 1:15:56 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2022-3246 |
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers Published: October 25, 2022; 1:15:56 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2021-24956 |
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue Published: December 21, 2021; 4:15:07 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2021-24137 |
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands. Published: March 18, 2021; 11:15:14 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-17550 |
The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. Published: November 13, 2019; 4:15:12 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-13572 |
The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. Published: August 01, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2019-9576 |
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS. Published: March 05, 2019; 4:29:01 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |