Description

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler is prone to multiple vulnerabilities, including SQL injection and server-side request forgery vulnerabilities. An attacker may leverage these issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database, or to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler version 6.9.9 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 6.9.10 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:ECE049B2-9A21-463D-9E8B-B4CE61919F0C

https://sploitus.com/exploit?id=WPEX-ID:EE312F22-CA58-451D-A1CB-3F78A6E5ECAF

https://plugins.svn.wordpress.org/blog2social/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin GigPress Multiple Vulnerabilities (2.3.10)

WordPress Plugin WordPress WP-Advanced-Search SQL Injection (3.3.6)

Oracle Database Server CVE-2009-1018 Vulnerability (CVE-2009-1018)

Dotclear Other Vulnerability (CVE-2006-2866)

WordPress Plugin WP Bannerize SQL Injection (4.0.2)

Severity

High

Classification

CVE-2022-3246 CVE-2022-3247 CWE-89 CWE-918 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update