Description
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently change plugin�s settings. WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler version 6.9.11 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 6.9.12 or latest
References
https://www.wordfence.com/blog/2022/11/missing-authorization-vulnerability-in-blog2social-plugin/
https://plugins.svn.wordpress.org/blog2social/trunk/readme.txt
Related Vulnerabilities
Oracle Application Server Other Vulnerability (CVE-2007-2122)
IBM WebSEAL Incorrect Default Permissions Vulnerability (CVE-2023-38370)
Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7871)
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-46695)