CVE-2025-4133: Blog2Social: Social Media Auto Post & Scheduler < 8.4.0 - Contributor+ Stored XSS

Description

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks.
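The pattern behind CWE-79 here is output without context-appropriate escaping. The following PHP is an added illustration, not Blog2Social's code and not a reconstruction of the patched release: a hypothetical dashboard row renderer is shown in an unescaped form beside the hardened form that uses WordPress's `esc_html()` at output time. The sample title is constructed, and the `esc_html()` fallback exists only so the file runs outside WordPress.

```php
<?php
// Added illustration (hypothetical code, not the Blog2Social plugin's):
// an unescaped post title reaching an admin dashboard, and the usual fix.

// Constructed sample title. A Contributor can create posts but not publish
// them, so a title like this still reaches any dashboard that lists
// drafts or pending posts and is viewed by a higher-privileged user.
$constructed_title = '<script>alert(document.domain)</script> Weekly update';

// Minimal stand-in for WordPress's esc_html() so this file runs outside
// WordPress. In plugin code use the real esc_html(), which also handles
// charset normalisation and pre-existing entities.
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Vulnerable pattern: the stored title is concatenated raw into HTML, so
// any markup in it is interpreted by the browser of whoever opens the page.
function render_row_vulnerable($title) {
    return '<td class="post-title">' . $title . '</td>';
}

// Hardened pattern: escape at output time with the helper that matches the
// output context. esc_html() is for HTML body text; esc_attr() is the
// counterpart for attribute values and esc_url() for href/src values.
function render_row_hardened($title) {
    return '<td class="post-title">' . esc_html($title) . '</td>';
}

// Quick self-check a reviewer can run: the hardened output must not
// contain a raw '<' from the input.
function hardened_output_is_inert($title) {
    $html = render_row_hardened($title);
    $inner = substr($html, strlen('<td class="post-title">'), -strlen('</td>'));
    return strpos($inner, '<') === false && strpos($inner, '>') === false;
}

echo render_row_vulnerable($constructed_title), PHP_EOL;
echo render_row_hardened($constructed_title), PHP_EOL;
echo hardened_output_is_inert($constructed_title) ? 'escaped' : 'NOT escaped', PHP_EOL;
```

The important design point is that escaping is applied where the value is written into HTML, not where it is saved: sanitising on input (for example with `sanitize_text_field()`) reduces risk but does not replace output escaping, because the same stored value may later be emitted into a different context (attribute, URL, JavaScript) that needs a different encoder.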

Classification

CVE ID: CVE-2025-4133

Problem Types

CWE-79 Cross-Site Scripting (XSS)

Affected Products

Vendor: Unknown

Product: Blog2Social: Social Media Auto Post & Scheduler

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 6.13% (share of all scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-03 (date on which this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-4133
https://wpscan.com/vulnerability/ebd7e5f5-af8d-42ca-b6ff-af92e03d4a3e/

Timeline