Unrated severityNVD Advisory· Published Oct 25, 2022· Updated May 9, 2025

Blog2Social < 6.9.10 - Subscriber+ SSRF

CVE-2022-3247

Description

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks

Affected products

Unknown/Blog2social: Social Media Auto Post & Schedulerv5
Range: 6.9.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/ee312f22-ca58-451d-a1cb-3f78a6e5ecafmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000