Blog2Social: Social Media Auto Post & Scheduler

Vulnerabilities 28Slug blog2socialLatest version 8.9.1WordPress.org →

Minimum safe version

8.8.4

Update to 8.8.4 or later to address 28 fixable vulnerabilities

Latest available8.9.1
N/A
2026-02-17< 8.7.5

Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification

WordfenceCVE
N/A
2026-03-25< 8.8.3

Blog2Social: Social Media Auto Post & Scheduler <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action

WordfenceCVE
N/A
2026-04-07< 8.8.4

Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter

WordfenceCVE
Medium 6.5
2025-06-17< 8.4.5

Blog2Social <= 8.4.4 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter

EUVDWordfenceCVE
Medium 5.4
2025-05-22< 8.4.0

WordPress Blog2Social Plugin < 8.4.0 is vulnerable to Cross Site Scripting (XSS)

PatchstackEUVDWordfenceCVE
Medium 6.1
2023-08-21< 7.2.1

CVE-2023-3936

CVEWPScan
N/A
2023-07-26< 7.2.1

Blog2Social: Social Media Auto Post & Scheduler <= 7.2.0 - Reflected Cross-Site Scripting

Wordfence
N/A
2018-09-21< 5.0.1

Blog2Social: Social Media Auto Post & Scheduler < 5.0.1 - PHP Object Injection

Wordfence
N/A
2022-04-05< 6.9.4

Blog2Social <= 6.9.3 - PHP Object Injection

Wordfence
N/A
< 5.0.1

Blog2Social &lt;= 5.0.0 - PHP Obj Injection

WPScan
N/A
2019-07-26< 5.6.0

WordPress Blog2Social plugin <= 5.5.0 - SQL Injection (SQLi) vulnerability

Patchstack
N/A
2020-06-09< 6.3.1

WordPress Blog2Social plugin <= 6.3.0 - Authenticated SQL Injection (SQLi) vulnerability

Patchstack
Medium 6.1
2019-05-02< 5.0.3

Blog2Social: Social Media Auto Post & Scheduler <= 5.0.2 - Reflected Cross-Site Scripting

WordfencePatchstackCVEWPScan