CVE-2025-4133

Published May 22, 2025

Last updated 2 months ago

CVSS medium 5.4

Overview

Description: The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks.
Source: contact@wpscan.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.4
Impact score: 2.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Hype score: Not currently trending

CVE-2025-4133 The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could al… https://t.co/z03l8KDp5k
@CVEnew
22 May 2025
446 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

References

Sources include official advisories and independent security research.