Blog2Social WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress exposes sensitive information in all versions through 8.7.2. The cause is an incomplete authorization check in the 'getShipItemFullText' function: it verifies only that the caller holds the 'read' capability (Subscriber level) and supplies a valid nonce, and never checks whether the caller is allowed to read the specific post requested. A nonce defends against cross-site request forgery and does not establish authorization, so neither check restricts which posts a caller can retrieve. As a result, authenticated attackers with Subscriber-level access or higher can read the content of password-protected, private, or draft posts.

Impact

An authenticated user with Subscriber-level access or above can extract the full content of posts that should not be visible to them, namely password-protected, private, and draft posts, resulting in unauthorized disclosure of whatever sensitive information those posts contain.

Reproduction

To reproduce this vulnerability, log in as a user with Subscriber-level access or higher and send an AJAX request to the 'getShipItemFullText' function carrying a valid nonce and the ID of the target post. Because the function checks only the caller's 'read' capability and the nonce, and not the caller's right to read that particular post, it returns the post content regardless of whether the post is private, a draft, or password-protected.
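The check the advisory describes and the per-post authorization that corrects it, shown side by side as an added PHP illustration. This is not Blog2Social's code; the function names, the AJAX hook, the nonce action name 'b2s_example_nonce' and the 'post_id' request parameter are hypothetical, while the WordPress functions used (check_ajax_referer, current_user_can, get_post, post_password_required, wp_send_json_*) are real core APIs.

```php
<?php
// Added illustration, not Blog2Social's code. Hook, nonce action and
// request parameter names are hypothetical.

// BEFORE: the capability check is global ('read' is held by every
// Subscriber) and the nonce only proves the request was not forged
// cross-site. Nothing ties the caller to the requested post, so private,
// draft and password-protected posts are returned to anyone logged in.
function example_get_item_full_text_vulnerable() {
    check_ajax_referer( 'b2s_example_nonce', 'nonce' );
    if ( ! current_user_can( 'read' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $post = get_post( (int) $_POST['post_id'] );
    if ( ! $post ) {
        wp_send_json_error( 'not found', 404 );
    }
    wp_send_json_success( array( 'content' => $post->post_content ) );
}

// AFTER: authorize per object. WordPress maps 'read_post' to plain 'read'
// for public posts and the caller's own posts, to 'read_private_posts' for
// private posts, and to the 'edit_post' mapping for drafts and other
// non-public statuses. Password-protected posts are public in status, so
// they need a separate check: deny unless the caller has already supplied
// the password (cookie checked by post_password_required) or may edit it.
function example_get_item_full_text_fixed() {
    check_ajax_referer( 'b2s_example_nonce', 'nonce' );
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $post    = $post_id ? get_post( $post_id ) : null;
    if ( ! $post ) {
        wp_send_json_error( 'not found', 404 );
    }
    if ( ! current_user_can( 'read_post', $post->ID ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    if ( post_password_required( $post ) && ! current_user_can( 'edit_post', $post->ID ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    wp_send_json_success( array( 'content' => $post->post_content ) );
}
add_action( 'wp_ajax_example_get_item_full_text', 'example_get_item_full_text_fixed' );
```

The fixed variant still verifies the nonce, but treats it as a CSRF control only; the decision about whether this caller may read this post is made by the 'read_post' meta capability and the password check, which is the piece the vulnerable version omits.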

Remediation

Users are advised to update the Blog2Social: Social Media Auto Post & Scheduler plugin to version 8.7.3 or later.

Added: Jan 10, 2026, 7:23 AM
Updated: Jan 10, 2026, 7:23 AM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 2.5
exploitability: 6.4
remediation: 7.7
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.