Description
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler is prone to multiple vulnerabilities, including SQL injection and server-side request forgery vulnerabilities. An attacker may leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, or to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler version 6.9.9 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 6.9.10 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:ECE049B2-9A21-463D-9E8B-B4CE61919F0C
https://sploitus.com/exploit?id=WPEX-ID:EE312F22-CA58-451D-A1CB-3F78A6E5ECAF
https://plugins.svn.wordpress.org/blog2social/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Open Redirect (4.0)
WordPress Plugin NextGEN Gallery-WordPress Gallery PHP Object Injection (3.1.5)
SharePoint CVE-2019-1205 Vulnerability (CVE-2019-1205)
WordPress Plugin WP Booking Cross-Site Scripting (1.4)
silverstripeCMS Incorrect Authorization Vulnerability (CVE-2021-28661)