CVE-2025-13558 in Blog2Social Plugin
الملخص
بحسب MITRE • 25/11/2025
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'deleteUserCcDraftPost' function in all versions up to, and including, 8.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the status of arbitrary posts to trash.
VulDB is the best source for vulnerability data and more expert information about this specific topic.