cleantalk
Vulnerabilities and Security Researches

Blog2Social: Social Media Auto Post & Scheduler, CVE-2025-12563

CVE, Research URL

CVE-2025-12563

Home page URL

Security reports for Blog2Social: Social Media Auto Post & Scheduler

Application

Blog2Social: Social Media Auto Post & Scheduler

Published on
Nov 06, 2025
Research Description
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo() function in all versions up to, and including, 8.6.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload mp4 files to the 'wp-content/uploads/<YYYY>/<MM>/' directory.
Affected versions
max 8.6.1.
Status
vulnerable
Previous vulnerability researches
Password Policy Manager | Password Manager (CVE-2025-11255) , Nov 10, 2025
Password Policy Manager | Password Manager (CVE-2025-31019) , Jun 14, 2025
New vulnerability
Finale Lite &#8211; Sales Countdown Timer &amp; Discount for WooCommerce (CVE-2025-52736) , Nov 11, 2025
APPExperts &#8211; Mobile App Builder for WordPress | WooCommerce to iOS and Android Apps (CVE-2025-53218) , Nov 11, 2025
Recipe Card Blocks for Gutenberg &amp; Elementor &#8211; Best WordPress Recipe Plugin (CVE-2025-62019) , Nov 11, 2025
Premmerce Product Search for WooCommerce (CVE-2025-64289) , Nov 11, 2025
Premmerce Product Search for WooCommerce (CVE-2025-64290) , Nov 11, 2025