VYPR

Blog2Social: Social Media Auto Post & Scheduler

by Blog2Social

CVEs (11)

  • CVE-2022-3246HigOct 25, 2022
    risk 0.57cvss 8.8epss 0.01

    The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers

  • CVE-2021-24137HigMar 18, 2021
    risk 0.57cvss 8.8epss 0.02

    Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.

  • CVE-2022-3247MedOct 25, 2022
    risk 0.42cvss 6.5epss 0.01

    The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF…

  • CVE-2023-3936MedAug 21, 2023
    risk 0.40cvss 6.1epss 0.01

    The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

  • CVE-2021-24956MedDec 21, 2021
    risk 0.40cvss 6.1epss 0.02

    The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue

  • CVE-2025-13558MedNov 25, 2025
    risk 0.35cvss 5.4epss 0.00

    The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for…

  • CVE-2025-4133MedMay 22, 2025
    risk 0.35cvss 5.4epss 0.00

    The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks.

  • CVE-2026-4331MedMar 26, 2026
    risk 0.28cvss 4.3epss 0.00

    The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags() function only verifying that the user has the 'read' capability and a valid…

  • CVE-2025-14943MedJan 10, 2026
    risk 0.28cvss 4.3epss 0.00

    The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that…

  • CVE-2026-4330MedApr 8, 2026
    risk 0.21cvss 4.3epss 0.01

    The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2s_id'…

  • CVE-2025-12560MedNov 6, 2025
    risk 0.21cvss 4.3epss 0.00

    The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent() function. This makes it possible for authenticated attackers, with Subscriber-level access…