cleantalk
Vulnerabilities and Security Researches

Blog2Social: Social Media Auto Post & Scheduler, CVE-2026-4330

CVE, Research URL

CVE-2026-4330

Home page URL

Security reports for Blog2Social: Social Media Auto Post & Scheduler

Application

Blog2Social: Social Media Auto Post & Scheduler

Published on
Apr 08, 2026
Research Description
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2s_id' parameter belongs to the current user before performing UPDATE and DELETE operations. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify, reschedule, or delete other users' scheduled social media posts.
Affected versions
max 8.8.4.
Status
vulnerable
Previous vulnerability researches
Blog2Social: Social Media Auto Post & Scheduler (CVE-2026-1942) , Apr 15, 2026
Blog2Social: Social Media Auto Post & Scheduler (CVE-2024-7302) , Aug 02, 2024
Blog2Social: Social Media Auto Post & Scheduler (CVE-2025-5673) , Jun 17, 2025
Blog2Social: Social Media Auto Post & Scheduler (CVE-2026-4331) , Apr 13, 2026
Blog2Social: Social Media Auto Post & Scheduler (CVE-2026-4330) , Apr 13, 2026
New vulnerability
VI: Include Post By (CVE-2026-5717) , Apr 17, 2026
Responsive Accordion Slider (CVE-2026-0635) , Apr 17, 2026
Petje.af (CVE-2026-4002) , Apr 17, 2026
LinkedIn SC (CVE-2026-0812) , Apr 17, 2026
Coachific Shortcode (CVE-2026-4005) , Apr 17, 2026