Blog2social: Social Media Auto Post & Scheduler
Sign in to watchby Unknown
CVEs (6)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-3936 | 0.01 | — | 0.16 | Aug 21, 2023 | The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||
| CVE-2025-4133 | 0.00 | — | 0.00 | May 22, 2025 | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks. | ||
| CVE-2022-3246 | 0.00 | — | 0.01 | Oct 25, 2022 | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers | ||
| CVE-2022-3247 | 0.00 | — | 0.00 | Oct 25, 2022 | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks | ||
| CVE-2021-24956 | 0.00 | — | 0.02 | Dec 21, 2021 | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue | ||
| CVE-2021-24137 | 0.00 | — | 0.01 | Mar 18, 2021 | Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands. |