CVE-2022-3247

CVE-2022-3247: Blog2Social < 6.9.10 - Subscriber+ SSRF

Vendor Unknown

Product Blog2Social: Social Media Auto Post & Scheduler

Weakness CWE-918 · SSRF

Published October 25, 2022

Last update May 9, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.9.10 does not have authorisation in an AJAX action, and does not ensure that the URL to make a request to is an external one. As a result, any authenticated users, such as subscriber could perform SSRF attacks

Key dates

02Disclosure timeline

October 25, 2022 CVE published

May 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-3247 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

04Related CVE

CVE-2019-1872 Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability CVE-2025-8527 Exrick xboot Swagger SecurityController.java server-side request forgery CVE-2025-36243 Multiple Vulnerabilities in IBM Concert Software. CVE-2026-32255 Kan is Vulnerable to Unauthenticated SSRF via Attachment Download Endpoint CVE-2026-29097 SuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet