Adenion Blog2social
15 CVEs affecting Adenion Blog2social. Latest disclosed: 2026-06-26. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-3549 | Critical | 9.9 | 2024-06-11 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up… |
CVE-2019-13572 | Critical | 9.8 | 2019-08-01 | The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. |
CVE-2022-3246 | High | 8.8 | 2022-10-25 | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL s… |
CVE-2021-24137 | High | 8.8 | 2021-03-18 | Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users… |
CVE-2026-56044 | High | 7.1 | 2026-06-26 | Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions. |
CVE-2023-40554 | High | 7.1 | 2023-09-06 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Social, Adenion Blog2Social: Social Media Auto Post & Scheduler plugin <= 7.2.0 versions. |
CVE-2022-3247 | Medium | 6.5 | 2022-10-25 | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the… |
CVE-2024-7302 | Medium | 6.4 | 2024-08-01 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 3gp2 file uploads in all versions up… |
CVE-2023-3936 | Medium | 6.1 | 2023-08-21 | The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site… |
CVE-2021-24956 | Medium | 6.1 | 2021-12-21 | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it… |
CVE-2019-17550 | Medium | 6.1 | 2019-11-13 | The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and J… |
CVE-2019-9576 | Medium | 6.1 | 2019-03-05 | The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS. |
CVE-2025-4133 | Medium | 5.4 | 2025-05-22 | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which… |
CVE-2024-3678 | Medium | 5.3 | 2024-04-26 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including… |
CVE-2022-3622 | Medium | 4.1 | 2023-10-20 | The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This mak… |