cleantalk
Vulnerabilities and Security Researches

Blog2Social: Social Media Auto Post & Scheduler, CVE-2025-12560

CVE, Research URL

CVE-2025-12560

Home page URL

Security reports for Blog2Social: Social Media Auto Post & Scheduler

Application

Blog2Social: Social Media Auto Post & Scheduler

Published on
Nov 06, 2025
Research Description
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions
max 8.6.1.
Status
vulnerable
Previous vulnerability researches
Advanced Coupons – WooCommerce Coupons, Store Credit, Gift Cards, Loyalty Program, BOGO Coupons, Discount Rules (CVE-2022-43481) , Jun 07, 2024
Advanced Coupons – WooCommerce Coupons, Store Credit, Gift Cards, Loyalty Program, BOGO Coupons, Discount Rules (CVE-2025-62015) , Nov 10, 2025
New vulnerability
Email Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce) (CVE-2025-10047) , Nov 11, 2025
Advanced Ads – Ad Manager & AdSense (CVE-2025-10487) , Nov 11, 2025
Social proof testimonials and reviews by Repuso (CVE-2025-62071) , Nov 11, 2025
Error Log Viewer by BestWebSoft (CVE-2025-9950) , Nov 11, 2025
Fidelo Snippet (CVE-2025-53351) , Nov 11, 2025