WordPress Plugin Vulnerabilities

Blog2Social < 5.6.0 - SQL Injection

Description

A SQL injection vulnerability exists in the Adenion Blog2Social plugin through 5.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.

Affects Plugins

Plugin icon
blog2social
Fixed in 5.6.0

References

CVE
CVE-2019-13572
URL
https://fortiguard.com/zeroday/FG-VD-19-094
URL
https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Tin Duong of Fortinet's FortiGuard Labs
Verified
No
WPVDB ID
48f7b6f0-0ff3-490f-8549-1c70e914732e

Timeline

Publicly Published
2019-07-25 (about 6 years ago)
Added
2019-07-25 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-03-10
Title
Ally < 4.1.0 - Unauthenticated SQLi via URL Path
Published
2016-12-05
Title
Single Personal Message 1.0.3 – Authenticated SQL Injection
Published
2025-06-02
Title
Ultimate Gift Cards for WooCommerce < 3.1.5 - Authenticated (Administrator+) SQL Injection via wps_wgm_save_post Function
Published
2021-10-07
Title
Post Content XMLRPC <= 1.0 - Admin+ SQL Injections
Published
2024-03-20
Title
Avada < 7.11.7 - Authenticated (Admin+) SQL Injection via entry