Description
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently change plugin�s settings. WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler version 6.9.11 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 6.9.12 or latest
References
https://www.wordfence.com/blog/2022/11/missing-authorization-vulnerability-in-blog2social-plugin/
https://plugins.svn.wordpress.org/blog2social/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Blog social sharing component Cross-Site Request Forgery (1.4.5)
WordPress 5.3.x PHP Object Injection (5.3 - 5.3.7)
OpenSSL Other Vulnerability (CVE-2002-1568)
WordPress Plugin WP-DownloadManager Cross-Site Scripting (1.67)
WordPress Plugin Google Doc Embedder Multiple Vulnerabilities (2.6.1)