[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcxaLp2UA01B3-MTe2V49aQrtaixj9ulfAHkZQddU_iA":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2022-3247","blog2social-authenticated-subscriber-server-side-request-forgery","Blog2Social \u003C= 6.9.9 - Authenticated (Subscriber+) Server-Side Request Forgery","The Blog2Social  plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 6.9.9 due to missing URL validation to ensure an external URL is used in the function b2sFileGetContents. This makes it possible for authenticated users, with subscriber-level access or higher, to perform attacks against the server.","blog2social",null,"\u003C=6.9.9","6.9.10","medium",6.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:R\u002FS:C\u002FC:H\u002FI:N\u002FA:N","Server-Side Request Forgery (SSRF)","2022-10-03 00:00:00","2024-10-24 18:44:14",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F25baf78e-e9bc-421b-8a66-9571ac3625c3?source=api-prod",753]