CVE-2023-3936

Name of the Vulnerable Software and Affected Versions Blog2Social WordPress plugin versions prior to 7.2.1

Description The issue arises from the plugin's failure to properly sanitise and escape a parameter before outputting it back in the page. This leads to a Reflected Cross-Site Scripting (XSS) vulnerability, which could be exploited against high-privilege users such as administrators. The vulnerability may allow a remote attacker to conduct cross-site scripting attacks.

Recommendations For versions prior to 7.2.1, update to version 7.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation. Avoid using the vulnerable parameter in the affected page until the issue is resolved.