14 matches found

Patchstack
added 2026/03/27 11:21 a.m. | 6 views

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action vulnerability

Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action vulnerability discovered by s00me00ne in WordPress Plugin Blog2Social versions <= 8.8.2...

CVSS 4.3 | AI score 5.9 | EPSS 0.00248
Exploits 0 | References 1 | Affected Software 1

NVD
added 2026/03/26 5:16 a.m. | 5 views

CVE-2026-4331

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags function only verifying that the user has the 'read' capability and a valid b2s_security_nonce, both o...

CVSS 4.3 | EPSS 0.00248
Exploits 0 | References 10

CVE
added 2026/03/26 3:37 a.m. | 7 views

CVE-2026-4331

The CVE affects Blog2Social: Social Media Auto Post & Scheduler for WordPress up to version 8.8.2. The resetSocialMetaTags() AJAX path incorrectly validates permissions: it only checks for the 'read' capability and a valid b2s_security_nonce, which are available to Subscriber-level users, due to ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00248
Exploits 0 | References 10

Cvelist
added 2026/03/26 3:37 a.m. | 27 views

CVE-2026-4331 Blog2Social: Social Media Auto Post & Scheduler <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags function only verifying that the user has the 'read' capability and a valid b2s_security_nonce, both o...

CVSS 4.3 | EPSS 0.00248
Exploits 0 | References 10

Positive Technologies
added 2026/03/26 12:0 a.m. | 6 views

PT-2026-28203

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags function only verifying that the user has the 'read' capability and a valid b2s_security_nonce, both...

CVSS 4.3 | AI score 5.8 | EPSS 0.00248
Exploits 0 | References 11

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-12461

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.7 | EPSS 0.00765
Exploits 1 | References 3

RedhatCVE
added 2025/05/23 5:41 a.m. | 10 views

CVE-2023-0403

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...

CVSS 5.4 | AI score 6 | EPSS 0.00374
Exploits 2 | References 1

Patchstack
added 2024/04/16 1:8 a.m. | 6 views

WordPress Delete Custom Fields plugin <= 0.3.1 - Cross-Site Request Forgery to Post Meta Deletion vulnerability

Cross-Site Request Forgery to Post Meta Deletion vulnerability discovered by Francesco Carlucci in WordPress Plugin Delete Custom Fields versions <= 0.3.1...

CVSS 6.1 | AI score 7 | EPSS 0.00183
Exploits 0 | References 1 | Affected Software 1

WPVulnDB
added 2024/04/15 12:0 a.m. | 12 views

Delete Custom Fields <= 0.3.1 - Cross-Site Request Forgery to Post Meta Deletion

Description: The Delete Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.1. This is due to missing or incorrect nonce validation on the ajaxdeletefield function. This makes it possible for unauthenticated attackers to delete...

CVSS 6.1 | AI score 6.4 | EPSS 0.00183
Exploits 0 | References 1

OSV
added 2023/01/19 3:15 p.m. | 4 views

CVE-2023-0402

The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta...

CVSS 5.4 | AI score 5.8 | EPSS 0.00765
Exploits 1 | References 3

Prion
added 2023/01/19 3:15 p.m. | 20 views

Authorization

The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta...

CVSS 5.5 | AI score 5.2 | EPSS 0.00765
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2023/01/19 2:7 p.m. | 10 views

CVE-2023-0402 Social Warfare <= 4.3.0 - Missing Authorization

The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta...

CVSS 5.4 | AI score 6.1 | EPSS 0.00765
Exploits 1 | References 3

WPVulnDB
added 2023/01/05 12:0 a.m. | 24 views

Social Warfare < 4.4.0 - Post Meta Deletion via CSRF

The plugin does not have CSRF checks in some AJAX actions, allowing attackers to make a logged-in admin call them and delete arbitrary post meta as well as reset access tokens related to network via CSRF attacks PoC...

CVSS 5.4 | AI score 5.5 | EPSS 0.00374
Exploits 2 | Affected Software 1

wpexploit
added 2023/01/05 12:0 a.m. | 175 views

Social Warfare < 4.4.0 - Post Meta Deletion via CSRF

The plugin does not have CSRF checks in some AJAX actions, allowing attackers to make a logged-in admin call them and delete arbitrary post meta as well as reset access tokens related to network via CSRF attacks...

CVSS 5.4 | AI score 2.1 | EPSS 0.00374
Exploits 2