VYPR

Blog In Blog

by Blog In Blog Project

CVEs (2)

  • CVE-2023-2435HigMay 31, 2023
    risk 0.47cvss 7.2epss 0.01

    The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.0 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP…

  • CVE-2023-2436MedMay 31, 2023
    risk 0.29cvss 4.4epss 0.00

    The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_blog' shortcode in versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…