### [CVE-2019-17550](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17550) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. ### POC #### Reference - https://wpvulndb.com/vulnerabilities/9948 - https://wpvulndb.com/vulnerabilities/9948 #### Github No PoCs found on GitHub currently.