CVE-2026-7051

Published: Mag 13, 2026 Last Modified: Mag 13, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,4

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: low

Availability: low

Description

AI Translation Available

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 8.9.0. This is due to a missing ownership verification in the B2S_Post_Tools::deleteUserPublishPost() and B2S_Post_Tools::deleteUserSchedPost() functions, neither function includes a blog_user_id constraint in its database query, allowing authenticated attackers to soft-delete any user's B2S post records by supplying arbitrary sequential wp_b2s_posts.id values via the 'postId' parameter. This makes it possible for authenticated attackers to delete other users' published and scheduled social media post records, disrupting content publishing workflows.

862

Missing Authorization

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control Availability

Potential Impacts:

Read Application Data Read Files Or Directories Modify Application Data Modify Files Or Directories Gain Privileges Or Assume Identity Bypass Protection Mechanism Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other)

Applicable Platforms

Technologies: AI/ML, Database Server, Not Technology-Specific, Web Server

Likelihood of Exploit: High

View CWE Details

https://plugins.trac.wordpress.org/browser/blog2social/tags…

https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/Ajax…

https://plugins.trac.wordpress.org/browser/blog2social/tags…

https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/Ajax…

https://plugins.trac.wordpress.org/browser/blog2social/tags…

https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/B2S/…

https://plugins.trac.wordpress.org/browser/blog2social/tags…

https://plugins.trac.wordpress.org/browser/blog2social/tags/8.8.2/includes/B2S/…

https://plugins.trac.wordpress.org/browser/blog2social/tags…

https://plugins.trac.wordpress.org/browser/blog2social/tags/8.9.0/includes/Ajax…

https://plugins.trac.wordpress.org/browser/blog2social/tags…

https://plugins.trac.wordpress.org/browser/blog2social/tags/8.9.0/includes/Ajax…

https://plugins.trac.wordpress.org/browser/blog2social/tags…

https://plugins.trac.wordpress.org/browser/blog2social/tags/8.9.0/includes/B2S/…

https://plugins.trac.wordpress.org/browser/blog2social/tags…

https://plugins.trac.wordpress.org/browser/blog2social/tags/8.9.0/includes/B2S/…

https://plugins.trac.wordpress.org/browser/blog2social/trun…

https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Post…

https://plugins.trac.wordpress.org/browser/blog2social/trun…

https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/Ajax/Post…

https://plugins.trac.wordpress.org/browser/blog2social/trun…

https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/B2S/Post/…

https://plugins.trac.wordpress.org/browser/blog2social/trun…

https://plugins.trac.wordpress.org/browser/blog2social/trunk/includes/B2S/Post/…

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfp…

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&ol…

https://www.wordfence.com/threat-intel/vulnerabilities/id/f…

https://www.wordfence.com/threat-intel/vulnerabilities/id/f0859e21-851a-4a6d-aa…

CVE-2026-7051

Description

Missing Authorization

Common Consequences

Applicable Platforms

Iscriviti alla newsletter