CVE-2019-9576

Name of the Vulnerable Software and Affected Versions Blog2Social plugin versions prior to 5.0.3

Description The issue allows for XSS in the wp-admin/admin.php?page=blog2social-ship API endpoint. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For versions prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the wp-admin/admin.php?page=blog2social-ship endpoint until the update is applied.