cleantalk
Vulnerabilities and Security Researches

Blog2Social: Social Media Auto Post & Scheduler, CVE-2025-13558

CVE, Research URL

CVE-2025-13558

Home page URL

Security reports for Blog2Social: Social Media Auto Post & Scheduler

Application

Blog2Social: Social Media Auto Post & Scheduler

Published on
Nov 25, 2025
Research Description
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the status of arbitrary posts to trash.
Affected versions
max 8.7.1.
Status
vulnerable
Previous vulnerability researches
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2023-51359) , Jun 10, 2024
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2025-1664) , Mar 09, 2025
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (0363ff3384ec03990bbda4e574d619ea16717f53) , Jun 06, 2024
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2023-2084) , Jun 06, 2024
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2023-2083) , Jun 06, 2024
New vulnerability
Eupago Gateway For Woocommerce (CVE-2025-62870) , Dec 11, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-13196) , Dec 11, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-11536) , Dec 11, 2025
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease (CVE-2025-11244) , Dec 11, 2025
Advanced Custom Fields: Extended (CVE-2025-13486) , Dec 11, 2025