PT-2026-28203 · WordPress · Wordpress+1
Mariusz Maik · Published 2026-03-26 · Updated 2026-03-26
CVE-2026-4331
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to and including 8.8.2
Description
The Blog2Social plugin for WordPress is susceptible to unauthorized data loss. The resetSocialMetaTags() function inadequately verifies user permissions, only checking for 'read' capability and a valid b2s security nonce. Because the plugin grants the 'blog2social access' capability to all roles upon activation, attackers with Subscriber-level access or higher can access the admin pages where the nonce is available. This allows them to delete all b2s post meta records from the wp_postmeta table, resulting in the permanent removal of custom social media meta tags for all posts on the site.
Recommendations
Versions prior to 8.8.3 should be updated.
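The authorization gap described above, shown as a weak handler beside a hardened one. This is an added illustration, not Blog2Social's source code and not the vendor's patch: the action names, nonce action and meta key are hypothetical, and requiring 'manage_options' is an assumption about what a site-wide delete should demand.

```php
<?php
// Added example. All identifiers below are hypothetical placeholders.
const EXAMPLE_META_KEY = '_example_social_meta';   // hypothetical meta key
const EXAMPLE_NONCE    = 'example_security_nonce'; // hypothetical nonce action

// BEFORE: the pattern the advisory describes.
// A nonce only shows the request came from a page that rendered it. If that
// page is reachable by every role, the nonce is not an authorization check.
add_action('wp_ajax_example_reset_meta_weak', function () {
    check_ajax_referer(EXAMPLE_NONCE, 'nonce'); // dies on a bad nonce
    // 'read' is held by every default role from Subscriber up,
    // so this test passes for any logged-in user.
    if (!current_user_can('read')) {
        wp_send_json_error(array('error' => 'permission'), 403);
    }
    // Removes this meta key from every post on the site.
    delete_post_meta_by_key(EXAMPLE_META_KEY);
    wp_send_json_success();
});

// AFTER: the capability check matches the blast radius of the action.
add_action('wp_ajax_example_reset_meta', function () {
    // Third argument false: return false instead of dying, so the
    // handler can answer with an explicit JSON error.
    if (!check_ajax_referer(EXAMPLE_NONCE, 'nonce', false)) {
        wp_send_json_error(array('error' => 'nonce'), 403);
    }
    // Assumption: a destructive, site-wide operation is limited to
    // administrators. Subscribers fail here even with a valid nonce.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(array('error' => 'permission'), 403);
    }
    delete_post_meta_by_key(EXAMPLE_META_KEY);
    wp_send_json_success();
});
```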
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Blog2Social
Wordpress