Unauthorized Data Loss in Blog2Social Plugin for WordPress
CVE-2026-4331

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Blog2social: Social Media Auto Post & Scheduler
Vendor: CVE Published:; 26 March 2026

What is CVE-2026-4331?

The Blog2Social plugin for WordPress is susceptible to a vulnerability that permits unauthorized data loss. All versions up to and including 8.8.2 allow users with Subscriber-level permissions to access the plugin's features. Due to inadequate verification in the resetSocialMetaTags() function, authenticated attackers can delete all custom social media meta tags stored in the wp_postmeta table. This situation arises because the plugin grants 'blog2social_access' capability to all user roles, posing a significant risk to the integrity of social media metadata associated with posts.

Affected Version(s)

Blog2Social: Social Media Auto Post & Scheduler 0 <= 8.8.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/blog2social/tr...

https://plugins.trac.wordpress.org/browser/blog2social/ta...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2026
Vulnerability Reserved
Mar 17, 2026

Credit

Mariusz Maik

CVE-2026-4331 Data

JSON