Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Adenion Subscribe
Filtered by product Blog2social
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13572 1 Adenion 1 Blog2social 2023-02-24 7.5 HIGH 9.8 CRITICAL
The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection.
CVE-2022-3246 1 Adenion 1 Blog2social 2022-10-27 N/A 8.8 HIGH
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers
CVE-2022-3247 1 Adenion 1 Blog2social 2022-10-27 N/A 6.5 MEDIUM
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks
CVE-2021-24956 1 Adenion 1 Blog2social 2021-12-27 4.3 MEDIUM 6.1 MEDIUM
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
CVE-2021-24137 1 Adenion 1 Blog2social 2021-03-23 6.5 MEDIUM 8.8 HIGH
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.
CVE-2019-9576 1 Adenion 1 Blog2social 2021-02-24 4.3 MEDIUM 6.1 MEDIUM
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS.
CVE-2019-17550 1 Adenion 1 Blog2social 2019-11-18 4.3 MEDIUM 6.1 MEDIUM
The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.