{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T02:00:29.522","vulnerabilities":[{"cve":{"id":"CVE-2022-3622","sourceIdentifier":"security@wordfence.com","published":"2023-10-20T08:15:11.847","lastModified":"2026-04-08T19:17:53.283","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only."},{"lang":"es","value":"El complemento Blog2Social para WordPress es vulnerable a la omisiĆ³n de autorizaciĆ³n debido a la falta de comprobaciones de capacidad en versiones hasta la 6.9.11 incluida. Esto hace posible que los atacantes autenticados, con permisos de nivel de suscriptor y superiores, cambien algunas configuraciones de complementos que solo los administradores pueden modificar."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adenion:blog2social:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"6.9.11","matchCriteriaId":"7536D4D8-8089-406B-9367-A113ACB4796F"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/blog2social/tags/6.9.10/includes/B2S/Settings/Item.php#L116","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2795052%40blog2social&new=2795052%40blog2social&sfp_email=&sfph_mail=","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2796598%40blog2social&new=2796598%40blog2social&sfp_email=&sfph_mail=","source":"security@wordfence.com","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://plugins.trac.wordpress.org/browser/blog2social/tags/6.9.10/includes/B2S/Settings/Item.php#L116","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2795052%40blog2social&new=2795052%40blog2social&sfp_email=&sfph_mail=","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2796598%40blog2social&new=2796598%40blog2social&sfp_email=&sfph_mail=","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/f5b8d39c-d307-42c9-a972-29b5521a82a4?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}