Pr-Gateway Blog2Social Social Media Auto Post Scheduler vulnerabilities
13 known vulnerabilities affecting pr-gateway/blog2social_social_media_auto_post_scheduler.
Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM12
Vulnerabilities
Page 1 of 1
CVE-2024-3549P3CRITICALCVSS 9.9≤ 7.4.12024-06-11
CVE-2024-3549 [CRITICAL] CWE-89 CVE-2024-3549: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Inject
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the 'b2sSortPostType' parameter in all versions up to, and including, 7.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attac
nvd
CVE-2026-1942P3MEDIUMCVSS 6.5≤ 8.7.42026-02-18
CVE-2026-1942 [MEDIUM] CWE-862 CVE-2026-1942: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthoriz
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2s_curation_draft AJAX action in all versions up to, and including, 8.7.4. The curationDraft() function only verifies current_user_can('read') without checking whether the user has edit_p
nvd
CVE-2025-5673P3MEDIUMCVSS 6.5≤ 8.4.42025-06-17
CVE-2025-5673 [MEDIUM] CWE-89 CVE-2025-5673: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Inject
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the ‘prgSortPostType’ parameter in all versions up to, and including, 8.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacke
nvd
CVE-2026-7051P3MEDIUMCVSS 5.4≤ 8.9.02026-05-13
CVE-2026-7051 [MEDIUM] CWE-862 CVE-2026-7051: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Au
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2S_Post_Tools::deleteUserPublishPost() and B2S_Post_Tools::deleteUserSchedPost() functions, neither function includes a blog_user_id constra
nvd
CVE-2025-13558P4MEDIUMCVSS 5.4≤ 8.7.02025-11-25
CVE-2025-13558 [MEDIUM] CWE-862 CVE-2025-13558: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthoriz
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the st
nvd
CVE-2024-3678P4MEDIUMCVSS 5.3≤ 7.4.22024-04-26
CVE-2024-3678 [MEDIUM] CWE-862 CVE-2024-3678: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.4.2. This makes it possible for unauthenticated attackers to view limited information from password protected posts.
nvd
CVE-2026-4330P4MEDIUMCVSS 4.3≤ 8.8.32026-04-08
CVE-2026-4330 [MEDIUM] CWE-639 CVE-2026-4330: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorizat
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2s_id' parameter belongs to the current user before performing UPDATE and DELETE o
nvd
CVE-2024-7302P4MEDIUMCVSS 5.4≤ 7.5.42024-08-01
CVE-2024-7302 [MEDIUM] CWE-79 CVE-2024-7302: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Stored Cro
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 3gp2 file uploads in all versions up to, and including, 7.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary we
nvd
CVE-2025-12560P4MEDIUMCVSS 4.3≤ 8.6.02025-11-06
CVE-2025-12560 [MEDIUM] CWE-918 CVE-2025-12560: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Sid
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from t
nvd
CVE-2025-12563P4MEDIUMCVSS 4.3≤ 8.6.02025-11-06
CVE-2025-12563 [MEDIUM] CWE-862 CVE-2025-12563: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited fi
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo() function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload mp4 files to the 'wp-content
nvd
CVE-2022-3622P4MEDIUMCVSS 4.3≤ 6.9.112023-10-20
CVE-2022-3622 [MEDIUM] CWE-862 CVE-2022-3622: The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capabilit
The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only.
nvd
CVE-2026-4331P4MEDIUMCVSS 4.3≤ 8.8.22026-03-26
CVE-2026-4331 [MEDIUM] CWE-862 CVE-2026-4331: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthoriz
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags() function only verifying that the user has the 'read' capability and a valid b2s_security_nonce, both of which are available to Subscriber-level users, as
nvd
CVE-2025-14943P4MEDIUMCVSS 4.3≤ 8.7.22026-01-10
CVE-2025-14943 [MEDIUM] CWE-863 CVE-2025-14943: The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that a user has the 'read' capability (Subscriber-level) and a valid nonce, b
nvd