Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
adenion vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-17550
The Blog2Social plugin prior to 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an malicious user to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: Whe...
Adenion Blog2social
8.8
CVSSv3
CVE-2022-3246
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin prior to 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers
Adenion Blog2social
6.5
CVSSv3
CVE-2022-3247
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin prior to 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform...
Adenion Blog2social
4.3
CVSSv3
CVE-2022-3622
The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings in...
Adenion Blog2social
6.1
CVSSv3
CVE-2023-40554
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Social, Adenion Blog2Social: Social Media Auto Post & Scheduler plugin <= 7.2.0 versions.
Adenion Blog2social
6.1
CVSSv3
CVE-2023-3936
The Blog2Social WordPress plugin prior to 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Adenion Blog2social
6.1
CVSSv3
CVE-2021-24956
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin prior to 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
Adenion Blog2social
8.8
CVSSv3
CVE-2021-24137
Unvalidated input in the Blog2Social WordPress plugin, versions prior to 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.
Adenion Blog2social
6.1
CVSSv3
CVE-2019-9576
The Blog2Social plugin prior to 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS.
Adenion Blog2social
9.8
CVSSv3
CVE-2019-13572
The Adenion Blog2Social plugin up to and including 5.5.0 for WordPress allows SQL Injection.
Adenion Blog2social
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started