RSS   Vulnerabilities for 'Blog2social'   RSS

2021-12-21
 
CVE-2021-24956

CWE-79
 

 
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue

 
2021-03-18
 
CVE-2021-24137

CWE-89
 

 
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.

 
2019-11-13
 
CVE-2019-17550

CWE-79
 

 
The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.

 
2019-08-01
 
CVE-2019-13572

CWE-89
 

 
The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection.

 


Copyright 2024, cxsecurity.com

 

Back to Top