Blog2social
by WordPress
Source repositories
CVEs (22)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-3549 | Cri | 0.57 | 9.9 | 0.01 | Jun 11, 2024 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation… | ||
| CVE-2026-1942 | Med | 0.42 | 6.5 | 0.00 | Feb 18, 2026 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2s_curation_draft AJAX action in all versions up to, and including, 8.7.4. The curationDraft() function only… | ||
| CVE-2025-5673 | Med | 0.42 | 6.5 | 0.00 | Jun 17, 2025 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the ‘prgSortPostType’ parameter in all versions up to, and including, 8.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient… | ||
| CVE-2026-7051 | Med | 0.35 | 5.4 | 0.00 | May 13, 2026 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2S_Post_Tools::deleteUserPublishPost() and… | ||
| CVE-2025-13558 | Med | 0.35 | 5.4 | 0.00 | Nov 25, 2025 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for… | ||
| CVE-2026-4331 | Med | 0.28 | 4.3 | 0.00 | Mar 26, 2026 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags() function only verifying that the user has the 'read' capability and a valid… | ||
| CVE-2025-14943 | Med | 0.28 | 4.3 | 0.00 | Jan 10, 2026 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that… | ||
| CVE-2024-3678 | Med | 0.27 | 5.3 | 0.01 | Apr 26, 2024 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts. | ||
| CVE-2022-3622 | Med | 0.27 | 4.1 | 0.01 | Oct 20, 2023 | The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings… | ||
| CVE-2026-4330 | Med | 0.21 | 4.3 | 0.01 | Apr 8, 2026 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2s_id'… | ||
| CVE-2025-12560 | Med | 0.21 | 4.3 | 0.00 | Nov 6, 2025 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent() function. This makes it possible for authenticated attackers, with Subscriber-level access… | ||
| CVE-2025-12563 | Med | 0.21 | 4.3 | 0.00 | Nov 6, 2025 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo() function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with… | ||
| CVE-2023-3936 | 0.01 | — | 0.01 | Aug 21, 2023 | The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||
| CVE-2025-4133 | 0.00 | — | 0.00 | May 22, 2025 | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks. | |||
| CVE-2024-7302 | 0.00 | — | 0.00 | Aug 1, 2024 | The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 3gp2 file uploads in all versions up to, and including, 7.5.4 due to insufficient input sanitization and output escaping. This makes it possible for… | |||
| CVE-2023-40554 | 0.00 | — | 0.00 | Sep 6, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Social, Adenion Blog2Social: Social Media Auto Post & Scheduler plugin <= 7.2.0 versions. | |||
| CVE-2022-3246 | 0.00 | — | 0.01 | Oct 25, 2022 | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers | |||
| CVE-2022-3247 | 0.00 | — | 0.01 | Oct 25, 2022 | The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF… | |||
| CVE-2021-24137 | 0.00 | — | 0.02 | Mar 18, 2021 | Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands. | |||
| CVE-2019-17550 | 0.00 | — | 0.01 | Nov 13, 2019 | The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the… |
- risk 0.57cvss 9.9epss 0.01
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation…
- risk 0.42cvss 6.5epss 0.00
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2s_curation_draft AJAX action in all versions up to, and including, 8.7.4. The curationDraft() function only…
- risk 0.42cvss 6.5epss 0.00
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the ‘prgSortPostType’ parameter in all versions up to, and including, 8.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient…
- risk 0.35cvss 5.4epss 0.00
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2S_Post_Tools::deleteUserPublishPost() and…
- risk 0.35cvss 5.4epss 0.00
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags() function only verifying that the user has the 'read' capability and a valid…
- risk 0.28cvss 4.3epss 0.00
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that…
- risk 0.27cvss 5.3epss 0.01
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts.
- risk 0.27cvss 4.1epss 0.01
The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings…
- risk 0.21cvss 4.3epss 0.01
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2s_id'…
- risk 0.21cvss 4.3epss 0.00
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent() function. This makes it possible for authenticated attackers, with Subscriber-level access…
- risk 0.21cvss 4.3epss 0.00
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo() function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with…
- CVE-2023-3936Aug 21, 2023risk 0.01cvss —epss 0.01
The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
- CVE-2025-4133May 22, 2025risk 0.00cvss —epss 0.00
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks.
- CVE-2024-7302Aug 1, 2024risk 0.00cvss —epss 0.00
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 3gp2 file uploads in all versions up to, and including, 7.5.4 due to insufficient input sanitization and output escaping. This makes it possible for…
- CVE-2023-40554Sep 6, 2023risk 0.00cvss —epss 0.00
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Social, Adenion Blog2Social: Social Media Auto Post & Scheduler plugin <= 7.2.0 versions.
- CVE-2022-3246Oct 25, 2022risk 0.00cvss —epss 0.01
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers
- CVE-2022-3247Oct 25, 2022risk 0.00cvss —epss 0.01
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF…
- CVE-2021-24137Mar 18, 2021risk 0.00cvss —epss 0.02
Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.
- CVE-2019-17550Nov 13, 2019risk 0.00cvss —epss 0.01
The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the…
Page 1 of 2