Vulnerabilities > Adenion > Blog2Social > 6.7.0

DATE CVE VULNERABILITY TITLE RISK
2023-10-20 CVE-2022-3622 Missing Authorization vulnerability in Adenion Blog2Social
The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11.
network
low complexity
adenion CWE-862
4.3
2023-09-06 CVE-2023-40554 Cross-site Scripting vulnerability in Adenion Blog2Social
Unauth.
network
low complexity
adenion CWE-79
6.1
2023-08-21 CVE-2023-3936 Unspecified vulnerability in Adenion Blog2Social
The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
network
low complexity
adenion
6.1
2022-10-25 CVE-2022-3246 SQL Injection vulnerability in Adenion Blog2Social
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers
network
low complexity
adenion CWE-89
8.8
2022-10-25 CVE-2022-3247 Server-Side Request Forgery (SSRF) vulnerability in Adenion Blog2Social
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one.
network
low complexity
adenion CWE-918
6.5