cleantalk
Vulnerabilities and Security Researches

Blog2Social: Social Media Auto Post & Scheduler, CVE-2025-14943

CVE, Research URL

CVE-2025-14943

Home page URL

Security reports for Blog2Social: Social Media Auto Post & Scheduler

Application

Blog2Social: Social Media Auto Post & Scheduler

Published on
Jan 10, 2026
Research Description
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured authorization check on the 'getShipItemFullText' function which only verifies that a user has the 'read' capability (Subscriber-level) and a valid nonce, but fails to verify whether the user has permission to access the specific post being requested. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract data from password-protected, private, or draft posts.
Affected versions
max 8.7.3.
Status
vulnerable
Previous vulnerability researches
Blog2Social: Social Media Auto Post & Scheduler (CVE-2026-1942) , Apr 15, 2026
Blog2Social: Social Media Auto Post & Scheduler (CVE-2024-7302) , Aug 02, 2024
Blog2Social: Social Media Auto Post & Scheduler (CVE-2025-5673) , Jun 17, 2025
Blog2Social: Social Media Auto Post & Scheduler (CVE-2026-4331) , Apr 13, 2026
Blog2Social: Social Media Auto Post & Scheduler (CVE-2026-4330) , Apr 13, 2026
New vulnerability
VI: Include Post By (CVE-2026-5717) , Apr 17, 2026
Responsive Accordion Slider (CVE-2026-0635) , Apr 17, 2026
Petje.af (CVE-2026-4002) , Apr 17, 2026
LinkedIn SC (CVE-2026-0812) , Apr 17, 2026
Coachific Shortcode (CVE-2026-4005) , Apr 17, 2026