Description
Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
Published: 2026-06-26
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an unauthenticated cross‑site scripting flaw in the Blog2Social plugin for WordPress. Attacker‑supplied input can be crafted to inject arbitrary JavaScript, which will run in the browser of any visitor to the vulnerable page. This can enable session hijacking, data theft, or defacement, as the attacker can execute code with the privileges of the victim’s user.

Affected Systems

It affects the WordPress Blog2Social plugin developed by Adenion. All versions up to and including 8.9.2 are impacted, so any site running one of those releases is susceptible.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity for unauthenticated attackers. The EPSS score is not available and it is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is that any visitor can trigger the flaw by submitting malicious input through a public interface of the plugin, making exploitation straightforward.

Generated by OpenCVE AI on June 26, 2026 at 16:37 UTC.

Remediation

Vendor Solution

Update the WordPress Blog2Social Plugin to the latest available version (at least 8.9.3).

OpenCVE Recommended Actions

  • Update the Blog2Social plugin to version 8.9.3 or newer.
  • Disable or remove the plugin if it is not required for site functionality.
  • Review any content that may have been posted through the plugin for potential injected scripts.

Generated by OpenCVE AI on June 26, 2026 at 16:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Adenion
Adenion blog2social
Wordpress
Wordpress wordpress
Vendors & Products Adenion
Adenion blog2social
Wordpress
Wordpress wordpress

Fri, 26 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 26 Jun 2026 15:15:00 +0000

Type Values Removed Values Added
Description Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.
Title WordPress Blog2Social plugin <= 8.9.2 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Adenion Blog2social
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T16:57:19.755Z

Reserved: 2026-06-18T14:37:51.351Z

Link: CVE-2026-56044

cve-icon Vulnrichment

Updated: 2026-06-26T16:56:55.955Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T19:45:04Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')