WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Multiple Vulnerabilities (6.9.9)

Description

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler is prone to multiple vulnerabilities, including SQL injection and server-side request forgery vulnerabilities. An attacker may leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, or to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler version 6.9.9 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 6.9.10 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:ECE049B2-9A21-463D-9E8B-B4CE61919F0C

https://sploitus.com/exploit?id=WPEX-ID:EE312F22-CA58-451D-A1CB-3F78A6E5ECAF

https://plugins.svn.wordpress.org/blog2social/trunk/readme.txt

Related Vulnerabilities

PHP Other Vulnerability (CVE-2015-6835)

MySQL CVE-2015-0505 Vulnerability (CVE-2015-0505)

WordPress Plugin Advanced Woo Search Unspecified Vulnerability (1.69)

SharePoint Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1860)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5621)

Severity

High

Classification

CVE-2022-3246 CVE-2022-3247 CWE-89 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update