CVE-2021-24956

CVE-2021-24956: Blog2Social < 6.8.7 - Reflected Cross-Site Scripting

Vendor Unknown
Product Blog2Social: Social Media Auto Post & Scheduler
Weakness CWE-79 · XSS
Published December 21, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue

Key dates

02Disclosure timeline

December 21, 2021 CVE published
August 3, 2024 Record updated