CVE-2026-1942 Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2scurationdraft AJAX action in all versions up to, and including, 8.7.4. The curationDraft function only verifies...

CVE-2026-1942

CVE-2026-1942 affects Blog2Social: Social Media Auto Post & Scheduler for WordPress (versions up to 8.7.4). The root cause is a missing capability check in the b2s_curation_draft AJAX action: the curationDraft() function only verifies current_user_can('read') and does not require edit_post permis...

WordPress plugin Blog2Social: Social Media Auto Post & Scheduler 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-20379

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the b2s curation draft AJAX action in all versions up to, and including, 8.7.4. The curationDraft function only verifies current user...