Lucene search
K

229 matches found

NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56044

Unauthenticated Cross Site Scripting XSS in Blog2Social = 8.9.2 versions...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.33 views

CVE-2026-56044 WordPress Blog2Social plugin <= 8.9.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Blog2Social = 8.9.2 versions...

7.1CVSS0.0018EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.5 views

EUVD-2026-39705

Unauthenticated Cross Site Scripting XSS in Blog2Social = 8.9.2 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.14 views

CVE-2026-56044

The CVE-2026-56044 entry concerns the WordPress Blog2Social plugin (versions up to and including 8.9.2) and describes an Unauthenticated Cross-Site Scripting (XSS) vulnerability in that plugin. The report identifies the affected product as the Blog2Social WordPress plugin and states the vulnerabi...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2026-7051

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

5.4CVSS5.6AI score0.00409EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.10 views

CVE-2026-4330

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2sid' parameter belongs to...

4.3CVSS5.5AI score0.00542EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 5:16 a.m.14 views

CVE-2026-7051

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

5.4CVSS0.00409EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/05/13 4:26 a.m.67 views

CVE-2026-7051 Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

5.4CVSS0.00409EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/05/13 4:26 a.m.13 views

CVE-2026-7051

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

5.4CVSS5.9AI score0.00409EPSS
Exploits0References15
CVE
CVE
added 2026/05/13 4:26 a.m.30 views

CVE-2026-7051

The CVE-2026-7051 entry concerns the Blog2Social WordPress plugin (versions up to 8.9.0) with a Missing Authorization issue. The root cause is missing blog_user_id constraints in B2S_Post_Tools::deleteUserPublishPost() and deleteUserSchedPost(), allowing an authenticated subscriber+ to delete oth...

5.4CVSS5.9AI score0.00409EPSS
Exploits0References14
EUVD
EUVD
added 2026/05/13 4:26 a.m.14 views

EUVD-2026-29899

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

5.4CVSS5.9AI score0.00409EPSS
Exploits0References14
Vulnrichment
Vulnrichment
added 2026/05/13 4:26 a.m.8 views

CVE-2026-7051 Blog2Social: Social Media Auto Post & Scheduler <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records via 'postId' Parameter

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2SPostTools::deleteUserPublishPost and B2SPostTools::deleteUserSchedPost functions,...

5.4CVSS5.9AI score0.00409EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.15 views

PT-2026-40563

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2S Post Tools::deleteUserPublishPost and B2S Post Tools::deleteUserSchedPost...

5.4CVSS5.9AI score0.00409EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

WordPress plugin Blog2Social 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.4CVSS5.8AI score0.00409EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/12 3:27 p.m.10 views

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.9.0 - Missing Authorization to Authenticated (Subscriber+) Delete Arbitrary B2S Post Records vulnerability

Missing Authorization to Authenticated Subscriber+ Delete Arbitrary B2S Post Records vulnerability discovered by awhacken in WordPress Plugin Blog2Social versions = 8.9.0...

5.4CVSS5.8AI score0.00409EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/08 9:31 a.m.4 views

EUVD-2026-20125

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2sid' parameter belongs to...

4.3CVSS5.9AI score0.00542EPSS
Exploits0References17
Patchstack
Patchstack
added 2026/04/08 8:31 a.m.7 views

WordPress Blog2Social: Social Media Auto Post & Scheduler plugin <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2sid' Parameter vulnerability discovered by s00me00ne in WordPress Plugin Blog2Social versions = 8.8.3...

4.3CVSS5.9AI score0.00542EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/08 7:43 a.m.22 views

CVE-2026-4330 Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2sid' parameter belongs to...

4.3CVSS0.00542EPSS
Exploits0References16
CVE
CVE
added 2026/04/08 7:43 a.m.11 views

CVE-2026-4330

The affected software is the Blog2Social: Social Media Auto Post & Scheduler WordPress plugin. All versions up to 8.8.3 are affected by an authorization bypass in AJAX handlers: the plugin does not validate that the user-supplied b2s_id belongs to the current user before UPDATE/DELETE actions. Th...

4.3CVSS5.9AI score0.00542EPSS
Exploits0References16
Vulnrichment
Vulnrichment
added 2026/04/08 7:43 a.m.2 views

CVE-2026-4330 Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2sid' parameter belongs to...

4.3CVSS5.9AI score0.00542EPSS
Exploits0References16
Rows per page
Query Builder