PT-2026-31109 · WordPress · Blog2Social: Social Media Auto Post & Scheduler
Mariusz Maik · Published 2026-04-08 · Updated 2026-04-13 · CVE-2026-4330
CVSS v3.1: 4.3 (Medium) | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to and including 8.8.3
Description
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is susceptible to authorization bypass. This occurs because the plugin’s AJAX handlers do not verify that the b2s id parameter, provided by the user, corresponds to the current user before executing UPDATE and DELETE operations. Authenticated attackers with Subscriber-level access or higher can exploit this to modify, reschedule, or delete scheduled social media posts belonging to other users.
Recommendations
Update Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress to a version later than 8.8.3.
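For reviewers auditing similar handlers, the ownership check that the description says is missing looks like this in a WordPress AJAX handler. This is an added example, not code from Blog2Social or from the advisory; the action name, nonce action, table and column names are all hypothetical.

```php
<?php
// Added illustration, not Blog2Social source code. Assumed names: action
// "example_reschedule", nonce action "example_sched_nonce", table
// {prefix}example_sched with columns id, owner_id, sched_date.
add_action( 'wp_ajax_example_reschedule', 'example_reschedule' );

function example_reschedule() {
	global $wpdb;

	// Reject requests that do not carry a valid nonce for this action.
	check_ajax_referer( 'example_sched_nonce', 'nonce' );

	// Validate the client-supplied record ID and the new date.
	$id   = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
	$date = isset( $_POST['sched_date'] )
		? sanitize_text_field( wp_unslash( $_POST['sched_date'] ) )
		: '';
	if ( 0 === $id || ! preg_match( '/^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$/', $date ) ) {
		wp_send_json_error( array( 'message' => 'bad request' ), 400 );
	}

	$table = $wpdb->prefix . 'example_sched';
	$owner = get_current_user_id();

	// Ownership check: the ID alone never selects the row. The row must
	// also belong to the user making the request.
	$found = $wpdb->get_var(
		$wpdb->prepare( "SELECT id FROM {$table} WHERE id = %d AND owner_id = %d", $id, $owner )
	);
	if ( null === $found ) {
		// Same answer for "does not exist" and "not yours", so IDs cannot be probed.
		wp_send_json_error( array( 'message' => 'not found' ), 404 );
	}

	// Keep owner_id in the WHERE clause of the write too, so the statement
	// stays safe even if the check above is later refactored away.
	$result = $wpdb->update(
		$table,
		array( 'sched_date' => $date ),
		array( 'id' => $id, 'owner_id' => $owner ),
		array( '%s' ),
		array( '%d', '%d' )
	);
	if ( false === $result ) {
		wp_send_json_error( array( 'message' => 'update failed' ), 500 );
	}
	wp_send_json_success( array( 'id' => $id ) );
}
```

A delete handler follows the same pattern by passing both `id` and `owner_id` in the `$where` array of `$wpdb->delete()`.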
Fix
IDOR
Weakness Enumeration
Related Identifiers
Affected Products
Blog2Social: Social Media Auto Post & Scheduler