Blog2Social
Approved changes feed: RSS · Atom
cpe:2.3:a:adenion:blog2social:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Adenion (e4079595-c121-5bbc-9c3a-0888227aed91) |
|---|---|
| Product | Blog2Social (d6045c21-633d-52d8-91d0-7d7a387d9931) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/wp-plugins/blog2social |
purl2cpe | 2026-06-01 10:12:15.010683 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-4133 |
vulnerable | 2026-06-03 15:01:46.807010 |
Blog2Social: Social Media Auto Post & Scheduler < 8.4.0 - Contributor+ Stored XSS
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks.
Published: 2025-05-22T06:00:08.775Z
Updated: 2025-05-22T13:24:12.606Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7302 |
vulnerable | 2026-06-03 14:58:05.501433 |
Blog2Social: Social Media Auto Post & Scheduler <= 7.5.4 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload
MEDIUM (6.4)
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 3gp2 file uploads in all versions up to, and including, 7.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the 3gp2 file.
Published: 2024-08-01T06:47:04.088Z
Updated: 2026-04-08T17:09:55.393Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3678 |
vulnerable | 2026-06-03 14:56:31.711289 |
Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure
MEDIUM (5.3)
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts.
Published: 2024-04-26T07:28:18.777Z
Updated: 2026-04-08T16:44:18.507Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3549 |
vulnerable | 2026-06-03 14:56:24.663777 |
Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection
CRITICAL (9.9)
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2024-06-11T06:44:16.351Z
Updated: 2026-04-08T16:47:10.158Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40554 |
vulnerable | 2026-06-03 14:52:49.953479 |
WordPress Blog2Social Plugin <= 7.2.0 is vulnerable to Cross Site Scripting (XSS)
HIGH (7.1)
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Social, Adenion Blog2Social: Social Media Auto Post & Scheduler plugin <= 7.2.0 versions.
Published: 2023-09-06T08:14:39.927Z
Updated: 2026-04-28T16:08:36.712Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3936 |
vulnerable | 2026-06-03 14:52:42.170013 |
Blog2Social < 7.2.1 - Reflected XSS
The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Published: 2023-08-21T12:29:49.665Z
Updated: 2025-04-23T16:19:26.930Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3622 |
vulnerable | 2026-06-03 14:47:58.813211 |
Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update
MEDIUM (4.1)
The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only.
Published: 2023-10-20T07:29:40.331Z
Updated: 2026-04-08T17:33:23.150Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3247 |
vulnerable | 2026-06-03 14:47:52.559131 |
Blog2Social < 6.9.10 - Subscriber+ SSRF
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks
Published: 2022-10-25T00:00:00.000Z
Updated: 2025-05-09T18:57:04.900Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3246 |
vulnerable | 2026-06-03 14:47:52.558697 |
Blog2Social < 6.9.10 - Subscriber+ SQLi
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers
Published: 2022-10-25T00:00:00.000Z
Updated: 2025-05-07T20:10:58.452Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24956 |
vulnerable | 2026-06-03 14:44:04.086246 |
Blog2Social < 6.8.7 - Reflected Cross-Site Scripting
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
Published: 2021-12-21T08:45:39.000Z
Updated: 2024-08-03T19:49:14.027Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24137 |
vulnerable | 2026-06-03 14:43:56.316889 |
Blog2Social: Social Media Auto Post & Scheduler < 6.3.1 - Authenticated SQL Injection
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.
Published: 2021-03-18T14:57:49.000Z
Updated: 2024-08-03T19:21:18.663Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-9576 |
vulnerable | 2026-06-03 14:40:49.391479 |
Details available
The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS.
Published: 2019-03-05T21:00:00.000Z
Updated: 2024-08-04T21:54:44.731Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-17550 |
vulnerable | 2026-06-03 14:39:56.492575 |
Details available
The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.
Published: 2019-11-13T20:23:14.000Z
Updated: 2024-08-05T01:40:15.883Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-13572 |
vulnerable | 2026-06-03 14:39:42.927145 |
Details available
The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection.
Published: 2019-08-01T14:35:57.000Z
Updated: 2024-08-04T23:57:39.157Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.