5 matches found
CVE-2025-13558
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, wi...
CVE-2025-13558
The CVE-2025-13558 entry concerns the WordPress plugin Blog2Social: Social Media Auto Post & Scheduler, affected in versions up to 8.7.0. The root cause is a missing capability check in the deleteUserCcDraftPost function, enabling authenticated users with Subscriber-level access (and above) to mo...
WordPress Blog2Social plugin <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Post Trashing vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Blog2Social versions <= 8.7.0...
CVE-2025-11734
CVE-2025-11734 concerns the Broken Link Checker by AIOSEO for WordPress. The vulnerability stems from insufficient authorization checks on a REST endpoint used to manage posts. Specifically, the plugin exposes DELETE /wp-json/aioseoBrokenLinkChecker/v1/post and grants the aioseo_blc_broken_links_...
CVE-2021-25116
The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the removeasset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low-privilege users such as subscribers could delete arbitrary assets, as well as put...