225 matches found
CVE-2025-12563
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2025-12563 Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File Upload
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level acce...
EUVD-2025-37974
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2025-12563 Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File Upload
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level acce...
CVE-2025-12563
CVE-2025-12563 affects Blog2Social: Social Media Auto Post & Scheduler for WordPress (versions up to 8.6.0). The vulnerability arises from an incorrect capability check in the uploadVideo() function, enabling authenticated users with Subscriber level access and above to upload MP4 files to wp-con...
WordPress Blog2Social plugin <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url vulnerability
Authenticated Subscriber+ Blind Server-Side Request Forgery via posturl vulnerability discovered by LionTree in WordPress Plugin Blog2Social versions = 8.6.0...
WordPress Blog2Social plugin <= 8.6.0 - Incorrect Authorization to Video File Upload vulnerability
Incorrect Authorization to Video File Upload vulnerability discovered by thinnawarth mathuros in WordPress Plugin Blog2Social versions = 8.6.0...
PT-2025-45175
Name of the Vulnerable Software and Affected Versions Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions up to and including 8.6.0 Description The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress has a flaw related to file uploads. An incorrect...
WordPress plugin Blog2Social 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress plugin Blog2Social 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plug...
PT-2025-45176
Name of the Vulnerable Software and Affected Versions Blog2Social: Social Media Auto Post & Scheduler versions prior to 8.6.1 Description The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is susceptible to a Server-Side Request Forgery issue in versions up to and including...
EUVD-2019-7898
Malware in sbrugna...
EUVD-2019-18947
Malware in sbrugna...
EUVD-2021-11051
Malware in sbrugna...
EUVD-2022-42653
Malicious code in bioql PyPI...
EUVD-2022-42982
Malicious code in bioql PyPI...
EUVD-2023-45125
Malicious code in bioql PyPI...
CVE-2025-5673
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the ‘prgSortPostType’ parameter in all versions up to, and including, 8.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
CVE-2025-5673 Blog2Social <= 8.4.4 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the ‘prgSortPostType’ parameter in all versions up to, and including, 8.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQ...
WordPress plugin Blog2Social: Social Media Auto Post & Scheduler SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Blog2Social: Social Media Auto Post & Scheduler Plugin suffers from a SQL injection vulnerability that stems from insufficient escaping of the prgSortPostType paramete...