Vulnerability CVE-2022-3622
Published: 2023-10-20

Description:
The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
WordPress Blog2Social 6.9.11 Missing Authorization
Marco Wotschka
10.11.2022

 References:
https://www.wordfence.com/threat-intel/vulnerabilities/id/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=cve
https://plugins.trac.wordpress.org/browser/blog2social/tags/6.9.10/includes/B2S/Settings/Item.php#L116
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2795052%40blog2social&new=2795052%40blog2social&sfp_email=&sfph_mail
=
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2796598%40blog2social&new=2796598%40blog2social&sfp_email=&sfph_mail
=
Copyright 2024, cxsecurity.com

 

Back to Top