cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7302,https://securityvulnerability.io/vulnerability/CVE-2024-7302,Stored Cross-Site Scripting vulnerability in Blog2Social Social Media Auto Post & Scheduler plugin,"The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 3gp2 file uploads in all versions up to, and including, 7.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the 3gp2 file.",Wordpress,Blog2social: Social Media Auto Post & Scheduler,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-08-01T06:47:04.088Z,0
CVE-2024-3549,https://securityvulnerability.io/vulnerability/CVE-2024-3549,SQL Injection Vulnerability in Blog2Social Social Media Auto Post & Scheduler Plugin for WordPress,"The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress has a vulnerability that allows for SQL Injection through the 'b2sSortPostType' parameter. This flaw exists in all versions up to and including 7.4.1, stemming from inadequate escaping of user-supplied input and insufficient query preparation. Authenticated attackers with subscriber access or higher can exploit this vulnerability to inject additional SQL queries. This exploitation could lead to unauthorized access and extraction of sensitive data from the plugin's database.",Wordpress,Blog2social: Social Media Auto Post & Scheduler,9.9,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-11T06:44:16.351Z,0
CVE-2022-3622,https://securityvulnerability.io/vulnerability/CVE-2022-3622,Authorization Bypass in Blog2Social Plugin for WordPress,"The Blog2Social plugin for WordPress is susceptible to an authorization bypass vulnerability caused by inadequate capability checks. This flaw affects versions up to and including 6.9.11, enabling authenticated users with subscriber-level permissions and higher to modify settings that should be reserved strictly for admin users. This presents a significant security risk as it undermines the integrity of plugin management and could lead to unauthorized changes in user configurations.",Wordpress,Blog2social: Social Media Auto Post & Scheduler,4.7,MEDIUM,0.0006699999794363976,false,,false,false,false,,false,false,2023-10-20T07:29:40.331Z,0
CVE-2023-3936,https://securityvulnerability.io/vulnerability/CVE-2023-3936,Blog2Social < 7.2.1 - Reflected XSS,"The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,Blog2Social: Social Media Auto Post & Scheduler,6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,false,false,2023-08-21T17:15:00.000Z,0
CVE-2022-3246,https://securityvulnerability.io/vulnerability/CVE-2022-3246,Blog2Social < 6.9.10 - Subscriber+ SQLi,"The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers",Wordpress,Blog2social: Social Media Auto Post & Scheduler,8.8,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2022-10-25T00:00:00.000Z,0
CVE-2022-3247,https://securityvulnerability.io/vulnerability/CVE-2022-3247,Blog2Social < 6.9.10 - Subscriber+ SSRF,"The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks",Wordpress,Blog2social: Social Media Auto Post & Scheduler,6.5,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-10-25T00:00:00.000Z,0
CVE-2021-24956,https://securityvulnerability.io/vulnerability/CVE-2021-24956,Blog2Social < 6.8.7 - Reflected Cross-Site Scripting,"The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue",Wordpress,Blog2social: Social Media Auto Post & Scheduler,6.1,MEDIUM,0.0011699999449774623,false,,false,false,false,,false,false,2021-12-21T08:45:39.000Z,0
CVE-2021-24137,https://securityvulnerability.io/vulnerability/CVE-2021-24137,Blog2Social: Social Media Auto Post & Scheduler < 6.3.1 - Authenticated SQL Injection,"Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.",Wordpress,Blog2social: Social Media Auto Post & Scheduler,8.8,HIGH,0.0016499999910593033,false,,false,false,false,,false,false,2021-03-18T14:57:49.000Z,0
CVE-2019-17550,https://securityvulnerability.io/vulnerability/CVE-2019-17550,,"The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.",Wordpress,Blog2social,6.1,MEDIUM,0.0009599999757483602,false,,false,false,false,,false,false,2019-11-13T20:23:14.000Z,0
CVE-2019-13572,https://securityvulnerability.io/vulnerability/CVE-2019-13572,,The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection.,Wordpress,Blog2social,9.8,CRITICAL,0.0025400000158697367,false,,false,false,false,,false,false,2019-08-01T14:35:57.000Z,0
CVE-2019-9576,https://securityvulnerability.io/vulnerability/CVE-2019-9576,,The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS.,Wordpress,Blog2social,6.1,MEDIUM,0.002219999907538295,false,,false,false,false,,false,false,2019-03-05T21:00:00.000Z,0