cleantalk
Vulnerabilities and Security Researches

Blog2Social: Social Media Auto Post & Scheduler, CVE-2025-13558

CVE, Research URL

CVE-2025-13558

Home page URL

Security reports for Blog2Social: Social Media Auto Post & Scheduler

Application

Blog2Social: Social Media Auto Post & Scheduler

Published on
Nov 25, 2025
Research Description
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the status of arbitrary posts to trash.
Affected versions
max 8.7.1.
Status
vulnerable
Previous vulnerability researches
Kadence WooCommerce Email Designer (CVE-2025-39557) , Apr 17, 2025
Kadence WooCommerce Email Designer (CVE-2023-47186) , Jun 07, 2024
Kadence WooCommerce Email Designer (CVE-2022-3335) , Jun 07, 2024
Kadence WooCommerce Email Designer (CVE-2025-13387) , Dec 10, 2025
Kadence WooCommerce Email Designer (CVE-2025-54697) , Aug 16, 2025
New vulnerability
Tainacan (CVE-2025-12747) , Dec 11, 2025
Tainacan (CVE-2025-12746) , Dec 11, 2025
Graphina – Elementor Charts and Graphs (CVE-2025-11820) , Dec 11, 2025
ContentStudio (CVE-2025-12181) , Dec 11, 2025
ContentStudio (CVE-2025-13144) , Dec 11, 2025