Adenion: >> Blog2social Security Vulnerabilities
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.
CVSS Score
8.8
EPSS Score
0.007
Published
2021-03-18
The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-11-13
The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-08-01
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-03-05
Page 2