Auth bypass in Pr-gateway Blog2social: Social Media Auto Post & Scheduler
CVE-2025-12563
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on theuploadVideo() function in all versions up to, and including, 8.6.0. This makes it poss…
Vulnerability class: Broken Access Control
EPSS: 0.000 (7.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.
Affected products
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-12563?
- CVE-2025-12563 is a medium-severity vulnerability in Pr-gateway Blog2social: Social Media Auto Post & Scheduler, classified under Missing Authorization. CVSS score: 4.3/10. Published 2025-11-06.
- How severe is CVE-2025-12563?
- Medium severity. CVSS v3 base score is 4.3 out of 10.