Adenion

Blog2social

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-4133

Exploit
  • EPSS 0.05%
  • Veröffentlicht 22.05.2025 06:15:57
  • Zuletzt bearbeitet 09.06.2025 20:13:53

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks.

5.4

CVE-2024-7302

  • EPSS 0.09%
  • Veröffentlicht 01.08.2024 07:15:03
  • Zuletzt bearbeitet 01.03.2025 02:14:17

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 3gp2 file uploads in all versions up to, and including, 7.5.4 due to insufficient input sanitization and output escaping. This m...

9.9

CVE-2024-3549

  • EPSS 0.47%
  • Veröffentlicht 11.06.2024 07:15:41
  • Zuletzt bearbeitet 05.06.2025 20:49:39

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and la...

5.3

CVE-2024-3678

  • EPSS 0.44%
  • Veröffentlicht 26.04.2024 08:15:13
  • Zuletzt bearbeitet 05.06.2025 20:51:19

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information fro...

4.3

CVE-2022-3622

  • EPSS 0.15%
  • Veröffentlicht 20.10.2023 08:15:11
  • Zuletzt bearbeitet 21.11.2024 07:19:53

The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

6.1

CVE-2023-40554

  • EPSS 0.13%
  • Veröffentlicht 06.09.2023 09:15:08
  • Zuletzt bearbeitet 21.11.2024 08:19:42

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Social, Adenion Blog2Social: Social Media Auto Post & Scheduler plugin <= 7.2.0 versions.

6.1

CVE-2023-3936

Exploit
  • EPSS 10.3%
  • Veröffentlicht 21.08.2023 17:15:49
  • Zuletzt bearbeitet 23.04.2025 17:16:38

The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

8.8

CVE-2022-3246

Exploit
  • EPSS 1.16%
  • Veröffentlicht 25.10.2022 17:15:56
  • Zuletzt bearbeitet 07.05.2025 21:15:56

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscr...

6.5

CVE-2022-3247

Exploit
  • EPSS 0.6%
  • Veröffentlicht 25.10.2022 17:15:56
  • Zuletzt bearbeitet 09.05.2025 19:15:54

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as ...

6.1

CVE-2021-24956

Exploit
  • EPSS 1.52%
  • Veröffentlicht 21.12.2021 09:15:07
  • Zuletzt bearbeitet 21.11.2024 05:54:04

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue