Vulnerabilities > Blog IN Blog Project > Blog IN Blog > 1.1.1

DATE CVE VULNERABILITY TITLE RISK
2023-05-31 CVE-2023-2435 Path Traversal vulnerability in Blog-In-Blog Project Blog-In-Blog 1.1.1
The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.1 via a shortcode attribute.
network
low complexity
blog-in-blog-project CWE-22
7.2
7.2
2023-05-31 CVE-2023-2436 Cross-site Scripting vulnerability in Blog-In-Blog Project Blog-In-Blog 1.1.1
The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_blog' shortcode in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
blog-in-blog-project CWE-79
4.8
4.8