Vulnerability Description
The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adenion | Blog2Social | < 5.9.0 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2186043PatchThird Party Advisory
- https://plugins.trac.wordpress.org/log/blog2social/Third Party Advisory
- https://wordpress.org/plugins/blog2social/#developersProductThird Party Advisory
- https://wpvulndb.com/vulnerabilities/9948Third Party Advisory
- https://plugins.trac.wordpress.org/changeset/2186043PatchThird Party Advisory
- https://plugins.trac.wordpress.org/log/blog2social/Third Party Advisory
- https://wordpress.org/plugins/blog2social/#developersProductThird Party Advisory
- https://wpvulndb.com/vulnerabilities/9948Third Party Advisory
FAQ
What is CVE-2019-17550?
CVE-2019-17550 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. ...
How severe is CVE-2019-17550?
CVE-2019-17550 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-17550?
Check the references section above for vendor advisories and patch information. Affected products include: Adenion Blog2Social.