CVE Catalog

CVE-2026-56044

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

The vulnerability allows an unauthenticated attacker to perform XSS attacks in Blog2Social version 8.9.2 and earlier. The attack can be carried out without authentication, increasing the risk of exploitation.

Risk Assessment

An attacker can inject malicious JavaScript code that executes in the browsers of site visitors, leading to session theft, redirects, or data theft.

Recommendation

Immediately update the Blog2Social plugin to a version newer than 8.9.2, which includes a fix for the vulnerability.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS