cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for blog2social

Jun 07, 2024

Blog2Social: Social Media Auto Post & Scheduler # CVE-2019-17550

CVE, Research URL

CVE-2019-17550

Date
Nov 14, 2019
Research Description
The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.
Affected versions
Min -, max -.
Status
vulnerable

Blog2Social: Social Media Auto Post & Scheduler # CVE-2019-9576

CVE, Research URL

CVE-2019-9576

Date
Mar 06, 2019
Research Description
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS.
Affected versions
Min -, max -.
Status
vulnerable

Blog2Social: Social Media Auto Post & Scheduler # CVE-2021-24956

CVE, Research URL

CVE-2021-24956

Date
Dec 21, 2021
Research Description
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue.
Affected versions
Min -, max -.
Status
vulnerable

Blog2Social: Social Media Auto Post & Scheduler # CVE-2022-3622

CVE, Research URL

CVE-2022-3622

Date
Oct 20, 2023
Research Description
The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only.
Affected versions
Min -, max -.
Status
vulnerable

Blog2Social: Social Media Auto Post & Scheduler # CVE-2021-24137

CVE, Research URL

CVE-2021-24137

Date
Mar 18, 2021
Research Description
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, leads to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.
Affected versions
Min -, max -.
Status
vulnerable

Blog2Social: Social Media Auto Post & Scheduler # CVE-2022-3246

CVE, Research URL

CVE-2022-3246

Date
Oct 25, 2022
Research Description
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated user, such as a subscriber.
Affected versions
Min -, max -.
Status
vulnerable

Blog2Social: Social Media Auto Post & Scheduler # CVE-2019-13572

CVE, Research URL

CVE-2019-13572

Date
Aug 01, 2019
Research Description
The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection.
Affected versions
Min -, max -.
Status
vulnerable

Blog2Social: Social Media Auto Post & Scheduler # CVE-2023-3936

CVE, Research URL

CVE-2023-3936

Date
Aug 21, 2023
Research Description
The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue which could be used against high-privilege users such as admin.
Affected versions
Min -, max -.
Status
vulnerable

Blog2Social: Social Media Auto Post & Scheduler # CVE-2022-3247

CVE, Research URL

CVE-2022-3247

Date
Oct 25, 2022
Research Description
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated user, such as a subscriber, could perform SSRF attacks.
Affected versions
Min -, max -.
Status
vulnerable

Blog2Social: Social Media Auto Post & Scheduler # CVE-2023-40554

CVE, Research URL

CVE-2023-40554

Date
Sep 06, 2023
Research Description
Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the Adenion Blog2Social: Social Media Auto Post & Scheduler plugin, versions <= 7.2.0.
Affected versions
Min -, max -.
Status
vulnerable

Blog2Social: Social Media Auto Post & Scheduler # CVE-2024-3678

CVE, Research URL

CVE-2024-3678

Date
Apr 26, 2024
Research Description
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts.
Affected versions
Min -, max -.
Status
vulnerable

Jun 13, 2024

Blog2Social: Social Media Auto Post & Scheduler # CVE-2024-3549

CVE, Research URL

CVE-2024-3549

Date
Jun 11, 2024
Research Description
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
Min -, max -.
Status
vulnerable

Aug 02, 2024

Blog2Social: Social Media Auto Post & Scheduler # CVE-2024-7302

CVE, Research URL

CVE-2024-7302

Date
Aug 01, 2024
Research Description
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 3gp2 file uploads in all versions up to, and including, 7.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the 3gp2 file.
Affected versions
Min -, max -.
Status
vulnerable

Jun 14, 2025

Blog2Social: Social Media Auto Post & Scheduler # CVE-2025-4133

CVE, Research URL

CVE-2025-4133

Date
May 22, 2025
Research Description
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks.
Affected versions
Min -, max -.
Status
vulnerable

Jun 17, 2025

Blog2Social: Social Media Auto Post & Scheduler # CVE-2025-5673

CVE, Research URL

CVE-2025-5673

Date
Jun 17, 2025
Research Description
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the ‘prgSortPostType’ parameter in all versions up to, and including, 8.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
Min -, max -.
Status
vulnerable