cleantalk
Vulnerabilities and Security Researches

Blog2Social: Social Media Auto Post & Scheduler, CVE-2024-7302

CVE, Research URL

CVE-2024-7302

Home page URL

Security reports for Blog2Social: Social Media Auto Post & Scheduler

Application

Blog2Social: Social Media Auto Post & Scheduler

Published on
Aug 01, 2024
Research Description
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 3gp2 file uploads in all versions up to, and including, 7.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the 3gp2 file.
Affected versions
Min -, max 7.5.5.
Status
vulnerable
Previous vulnerability researches
Blog2Social: Social Media Auto Post & Scheduler (CVE-2024-7302) , Aug 02, 2024
Blog2Social: Social Media Auto Post & Scheduler (CVE-2025-5673) , Jun 17, 2025
Blog2Social: Social Media Auto Post & Scheduler (CVE-2024-3549) , Jun 13, 2024
Blog2Social: Social Media Auto Post & Scheduler (CVE-2025-4133) , Jun 14, 2025
Blog2Social: Social Media Auto Post & Scheduler (CVE-2019-17550) , Jun 07, 2024
New vulnerability
PostaPanduri (CVE-2025-49452) , Jun 18, 2025
Ivory Search – WordPress Search Plugin (CVE-2025-5209) , Jun 18, 2025
Drag and Drop Multiple File Upload – Contact Form 7 (CVE-2025-3515) , Jun 18, 2025
Poll, Survey & Quiz Maker Plugin by Opinion Stage (CVE-2025-3880) , Jun 18, 2025
FW Food Menu – Responsive food menu with ordering & delivery solutions (CVE-2025-49447) , Jun 18, 2025