Missing Authorization Vulnerability in Blog2Social Plugin
On October 5, 2022, the Wordfence Threat Intelligence team responsibly disclosed a Missing Authorization vulnerability in Blog2Social, a WordPress plugin installed on over 70,000 sites that allows users to set up post sharing to various social networks.
Vulnerable versions of the plugin make it possible for authenticated attackers with minimal permissions, such as subscribers, to change the plugin’s settings.
