Description
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler is prone to multiple vulnerabilities, including SQL injection and server-side request forgery vulnerabilities. An attacker may leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, or to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler version 6.9.9 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 6.9.10 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:ECE049B2-9A21-463D-9E8B-B4CE61919F0C
https://sploitus.com/exploit?id=WPEX-ID:EE312F22-CA58-451D-A1CB-3F78A6E5ECAF
https://plugins.svn.wordpress.org/blog2social/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin GDPR CCPA Compliance Support PHP Object Injection (2.3)
Oracle Database Server CVE-2019-2955 Vulnerability (CVE-2019-2955)
WordPress Plugin External 'Video for Everybody' Cross-Site Scripting (2.0)
IBM WebSEAL Insufficiently Protected Credentials Vulnerability (CVE-2021-20439)
WordPress Plugin WordPress Custom Global Variable Unspecified Vulnerability (3.0.0)