Description
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler is prone to multiple vulnerabilities, including SQL injection and server-side request forgery vulnerabilities. An attacker may leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, or to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler version 6.9.9 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 6.9.10 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:ECE049B2-9A21-463D-9E8B-B4CE61919F0C
https://sploitus.com/exploit?id=WPEX-ID:EE312F22-CA58-451D-A1CB-3F78A6E5ECAF
https://plugins.svn.wordpress.org/blog2social/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Simple Behance Portfolio Cross-Site Scripting (0.2)
WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (2.2.4)
Hesk Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3743)