WP-Safety

Blog2Social: Social Media Auto Post & Scheduler Security & Risk Analysis

wordpress.org/plugins/blog2social

Automatically share and schedule your WordPress content on top social platforms like Facebook, Instagram, LinkedIn, TikTok, and more.

50K active installs v8.8.2 PHP 7.4+ WP 6.2+ Updated Feb 27, 2026
auto-postauto-repostcross-postingsocial-media-automationsocial-media-scheduler
76
B · Generally Safe
CVEs total21
Unpatched0
Last CVEFeb 17, 2026
Plugin page Download
Safety Verdict

Is Blog2Social: Social Media Auto Post & Scheduler Safe to Use in 2026?

Mostly Safe

Score 76/100

Blog2Social: Social Media Auto Post & Scheduler is generally safe to use. 21 past CVEs were resolved. Keep it updated.

21 known CVEsLast CVE: Feb 17, 2026Updated 1mo ago
Risk Assessment

The Blog2Social plugin version 8.8.2 exhibits a mixed security posture. While it demonstrates strong adherence to good practices in several areas, such as a high percentage of SQL prepared statements and properly escaped output, and a significant number of nonce and capability checks, several concerns warrant attention. The static analysis reveals a substantial attack surface, with 107 AJAX handlers, all of which appear to have authentication checks. However, the presence of dangerous functions like `unserialize` and `shell_exec` is a significant red flag, especially in conjunction with taint analysis showing five high-severity flows with unsanitized paths. This combination suggests a potential for severe vulnerabilities if these functions are improperly handled. The plugin's vulnerability history is also a major concern, with 21 known CVEs, including 2 critical and 4 high-severity ones in the past. Although there are currently no unpatched vulnerabilities, the frequency and severity of past issues, including SSRF, deserialization vulnerabilities, XSS, and SQL injection, indicate a recurring pattern of security weaknesses that require diligent patching and ongoing code review.

In conclusion, Blog2Social v8.8.2 has strengths in its implementation of standard security measures like prepared statements and output escaping. However, the identified dangerous functions, high-severity taint flows, and a history of critical and high-severity vulnerabilities present substantial risks. The plugin developers should prioritize addressing the identified unsanitized flows and thoroughly auditing the usage of dangerous functions. Users of this plugin should be aware of its past security track record and ensure they are always running the latest patched version, as the historical data suggests a consistent need for security attention.

Key Concerns

  • High severity taint flows detected
  • Presence of dangerous functions (unserialize, shell_exec)
  • History of critical severity CVEs
  • History of high severity CVEs
  • Large number of AJAX handlers
Vulnerabilities
21

Blog2Social: Social Media Auto Post & Scheduler Security Vulnerabilities

CVEs by Year

1 CVE in 2018
2018
3 CVEs in 2019
2019
1 CVE in 2020
2020
1 CVE in 2021
2021
4 CVEs in 2022
2022
1 CVE in 2023
2023
3 CVEs in 2024
2024
5 CVEs in 2025
2025
2 CVEs in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
2
High
4
Medium
15

21 total CVEs

CVE-2026-1942medium · 6.5Missing Authorization

Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification

Feb 17, 2026 Patched in 8.7.5 (1d)
CVE-2025-14943medium · 4.3Incorrect Authorization

Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure

Jan 9, 2026 Patched in 8.7.3 (1d)
CVE-2025-13558medium · 5.4Missing Authorization

Blog2Social <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing

Nov 24, 2025 Patched in 8.7.1 (53d)
CVE-2025-12560medium · 5.3Server-Side Request Forgery (SSRF)

Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url

Nov 5, 2025 Patched in 8.6.1 (1d)
CVE-2025-12563medium · 4.3Missing Authorization

Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File Upload

Nov 5, 2025 Patched in 8.6.1 (1d)
CVE-2025-5673medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Blog2Social <= 8.4.4 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter

Jun 16, 2025 Patched in 8.4.5 (1d)
CVE-2025-4133medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Blog2Social: Social Media Auto Post & Scheduler <= 8.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 1, 2025 Patched in 8.4.0 (30d)
CVE-2024-7302medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Blog2Social: Social Media Auto Post & Scheduler <= 7.5.4 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload

Jul 31, 2024 Patched in 7.5.5 (1d)
CVE-2024-3549critical · 9.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection

Jun 10, 2024 Patched in 7.4.2 (1d)
CVE-2024-3678medium · 5.3Missing Authorization

Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure

Apr 25, 2024 Patched in 7.5.0 (1d)
CVE-2023-3936medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Blog2Social: Social Media Auto Post & Scheduler <= 7.2.0 - Reflected Cross-Site Scripting

Jul 26, 2023 Patched in 7.2.1 (181d)
CVE-2022-3247medium · 6.8Server-Side Request Forgery (SSRF)

Blog2Social <= 6.9.9 - Authenticated (Subscriber+) Server-Side Request Forgery

Oct 3, 2022 Patched in 6.9.10 (753d)
CVE-2022-3246high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Blog2Social <= 6.9.9 - Authenticated (Subscriber+) SQL Injection

Oct 3, 2022 Patched in 6.9.10 (477d)
CVE-2022-3622medium · 4.1Missing Authorization

Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update

Sep 27, 2022 Patched in 6.9.12 (759d)
WF-02b61eb1-a93f-4437-87de-d698af8ef9f6-blog2socialhigh · 8.5Deserialization of Untrusted Data

Blog2Social <= 6.9.3 - PHP Object Injection

Apr 5, 2022 Patched in 6.9.4 (658d)
CVE-2021-24956medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Blog2Social <= 6.8.6 - Reflected Cross-Site Scripting

Nov 22, 2021 Patched in 6.8.7 (792d)
CVE-2021-24137high · 8.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Blog2Social: Social Media Auto Post & Scheduler <= 6.3.0 - Authenticated SQL Injection

May 29, 2020 Patched in 6.3.1 (1334d)
CVE-2019-17550medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Blog2Social: Social Media Auto Post & Scheduler < 5.9.0 - Reflected Cross-Site Scripting via b2s_id Parameter

Nov 14, 2019 Patched in 5.9.0 (1531d)
CVE-2019-13572critical · 9.8Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Blog2Social: Social Media Auto Post & Scheduler <= 5.5.0 - SQL Injection

Jul 25, 2019 Patched in 5.6.0 (1643d)
CVE-2019-9576medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Blog2Social: Social Media Auto Post & Scheduler <= 5.0.2 - Reflected Cross-Site Scripting

May 2, 2019 Patched in 5.0.3 (1727d)
WF-6b8655a6-f410-480d-8c45-2527b53fa129-blog2socialhigh · 7.4Deserialization of Untrusted Data

Blog2Social: Social Media Auto Post & Scheduler < 5.0.1 - PHP Object Injection

Sep 21, 2018 Patched in 5.0.1 (1950d)
Code Analysis
Analyzed Mar 16, 2026

Blog2Social: Social Media Auto Post & Scheduler Code Analysis

Dangerous Functions
163
Raw SQL Queries
63
368 prepared
Unescaped Output
369
5122 escaped
Nonce Checks
109
Capability Checks
150
File Operations
4
External Requests
15
Bundled Libraries
1

Dangerous Functions Found

unserialize$language = (!in_array(get_locale(), unserialize(B2S_PLUGIN_LANGUAGE))) ? 'en_US' : get_locale();blog2social.php:32
unserialize$isVideoNetwork = unserialize(B2S_PLUGIN_NETWORK_SUPPORT_VIDEO);includes\Ajax\Get.php:107
unserializeif (!in_array($item->networkId, unserialize(B2S_PLUGIN_NETWORK_SUPPORT_SOCIAL))) {includes\Ajax\Get.php:112
unserialize$drafts = (isset($sqlResult->data) && !empty($sqlResult->data)) ? unserialize($sqlResult->data) : faincludes\Ajax\Get.php:352
unserialize$isVideoNetwork = unserialize(B2S_PLUGIN_NETWORK_SUPPORT_VIDEO);includes\Ajax\Get.php:992
unserializeif (!in_array($item->networkId, unserialize(B2S_PLUGIN_NETWORK_SUPPORT_SOCIAL))) {includes\Ajax\Get.php:997
shell_exec$resTrace = shell_exec($com);includes\Ajax\Post.php:112
unserializeif (preg_match('/^video/im', $isVideo['type']) && in_array($isVideo['type'], unserialize(B2S_PLUGIN_includes\Ajax\Post.php:136
unserialize$tosCrossPosting = unserialize(B2S_PLUGIN_NETWORK_CROSSPOSTING_LIMIT);includes\Ajax\Post.php:345
unserialize$schedData = unserialize($sched->sched_data);includes\Ajax\Post.php:916
unserialize$appQuantity = unserialize(B2S_PLUGIN_DEFAULT_USER_APP_QUANTITY);includes\Ajax\Post.php:1791
unserializeforeach (unserialize(B2S_PLUGIN_USER_APP_NETWORKS) as $network) {includes\Ajax\Post.php:1798
unserialize$licenseName = unserialize(B2S_PLUGIN_VERSION_TYPE);includes\Ajax\Post.php:1824
unserialize$appQuantity = unserialize(B2S_PLUGIN_DEFAULT_USER_APP_QUANTITY);includes\Ajax\Post.php:1847
unserializeforeach (unserialize(B2S_PLUGIN_USER_APP_NETWORKS) as $network) {includes\Ajax\Post.php:1854
unserialize$schedData = unserialize($sched->sched_data);includes\Ajax\Post.php:2393
unserialize$defaultTemplate = unserialize(B2S_PLUGIN_NETWORK_SETTINGS_TEMPLATE_DEFAULT);includes\Ajax\Post.php:2686
unserialize$originalData = unserialize($rawOriginalData->data);includes\Ajax\Post.php:2700
unserialize$default_template = unserialize(B2S_PLUGIN_NETWORK_SETTINGS_TEMPLATE_DEFAULT);includes\Ajax\Post.php:2749
unserializeif (in_array((int) $_POST['networkId'], unserialize(B2S_PLUGIN_ALLOW_ADD_LINK))) {includes\Ajax\Post.php:2796
unserializeif (isset($_POST['networkId']) && (int) $_POST['networkId'] > 0 && isset($_POST['networkType']) && iincludes\Ajax\Post.php:2864
unserialize$default = unserialize(B2S_PLUGIN_NETWORK_SETTINGS_TEMPLATE_DEFAULT)[(int) $_POST['networkId']];includes\Ajax\Post.php:2865
unserialize$data = unserialize($result[0]->data);includes\Ajax\Post.php:2978
unserialize$versionLimit = unserialize(B2S_PLUGIN_RE_POST_LIMIT);includes\Ajax\Post.php:3063
unserialize$supportedNetworks = unserialize(B2S_PLUGIN_USER_APP_NETWORKS);includes\Ajax\Post.php:3592
unserialize$versionType = unserialize(B2S_PLUGIN_VERSION_TYPE);includes\B2S\AutoPost\Item.php:67
unserialize$limit = unserialize(B2S_PLUGIN_AUTO_POST_LIMIT);includes\B2S\AutoPost\Item.php:68
unserialize$networkName = unserialize(B2S_PLUGIN_NETWORK);includes\B2S\AutoPost\Item.php:334
unserialize$this->default_template = (defined('B2S_PLUGIN_NETWORK_SETTINGS_TEMPLATE_DEFAULT')) ? unserialize(B2includes\B2S\AutoPost.php:47
unserialize$networkAuthData = unserialize($dataString);includes\B2S\AutoPost.php:536
unserialize$networkType = unserialize(B2S_PLUGIN_NETWORK_TYPE);includes\B2S\Calendar\Filter.php:137
unserialize$this->errorTextList = unserialize(B2S_PLUGIN_NETWORK_ERROR);includes\B2S\Calendar\Item.php:47
unserialize$data = unserialize($sched_data);includes\B2S\Calendar\Item.php:105
unserialize$data = unserialize($sched_data);includes\B2S\Calendar\Item.php:119
unserialize$data = unserialize($sched_data);includes\B2S\Calendar\Item.php:141
unserialize$this->sched_data = unserialize($value);includes\B2S\Calendar\Item.php:310
unserialize$data = unserialize($sched_data);includes\B2S\Calendar\Item.php:626
unserialize$names = unserialize(B2S_PLUGIN_NETWORK);includes\B2S\Calendar\Item.php:649
unserialize$networkName = unserialize(B2S_PLUGIN_NETWORK);includes\B2S\Curation\View.php:134
unserialize$networkTypeName = unserialize(B2S_PLUGIN_NETWORK_TYPE);includes\B2S\Curation\View.php:135
unserialize$value['sched_data'] = ((isset($value['sched_data']) && !empty($value['sched_data'])) ? unserialize(includes\B2S\Heartbeat.php:69
unserialize$publishData = unserialize(stripslashes($v->publishData));includes\B2S\Heartbeat.php:119
unserialize$this->allowProfil = unserialize(B2S_PLUGIN_NETWORK_ALLOW_PROFILE);includes\B2S\Network\Item.php:41
unserialize$this->allowPage = unserialize(B2S_PLUGIN_NETWORK_ALLOW_PAGE);includes\B2S\Network\Item.php:42
unserialize$this->allowGroup = unserialize(B2S_PLUGIN_NETWORK_ALLOW_GROUP);includes\B2S\Network\Item.php:43
unserialize$this->oAuthPortal = unserialize(B2S_PLUGIN_NETWORK_OAUTH);includes\B2S\Network\Item.php:44
unserialize$this->bestTimeInfo = unserialize(B2S_PLUGIN_SCHED_DEFAULT_TIMES_INFO);includes\B2S\Network\Item.php:45
unserialize$this->modifyBoardAndGroup = unserialize(B2S_PLUGIN_NETWORK_ALLOW_MODIFY_BOARD_AND_GROUP);includes\B2S\Network\Item.php:46
unserialize$this->networkTypeName = unserialize(B2S_PLUGIN_NETWORK_TYPE);includes\B2S\Network\Item.php:47
unserialize$this->networkTypeNameIndividual = unserialize(B2S_PLUGIN_NETWORK_TYPE_INDIVIDUAL);includes\B2S\Network\Item.php:48
unserialize$this->networkKindName = unserialize(B2S_PLUGIN_NETWORK_KIND);includes\B2S\Network\Item.php:49
unserialize$this->isVideoSupported = unserialize(B2S_PLUGIN_NETWORK_SUPPORT_VIDEO);includes\B2S\Network\Item.php:50
unserialize$this->isSocialSupported = unserialize(B2S_PLUGIN_NETWORK_SUPPORT_SOCIAL);includes\B2S\Network\Item.php:51
unserializeif (array_key_exists($networkId, unserialize(B2S_PLUGIN_NETWORK_SETTINGS_TEMPLATE_DEFAULT))) {includes\B2S\Network\Item.php:272
unserializeif (in_array($networkId, unserialize(B2S_PLUGIN_USER_APP_NETWORKS))) {includes\B2S\Network\Item.php:275
unserialize$data = unserialize($dataString);includes\B2S\Network\Item.php:749
unserializeesc_html__('Apply for all %s connections', 'blog2social'), unserialize(B2S_PLUGIN_NETWORK)[$networkIincludes\B2S\Network\Item.php:766
unserialize$defaultSchema = unserialize(B2S_PLUGIN_NETWORK_SETTINGS_TEMPLATE_DEFAULT)[$networkId];includes\B2S\Network\Item.php:777
unserialize$defaultTemplate = unserialize(B2S_PLUGIN_NETWORK_SETTINGS_TEMPLATE_DEFAULT);includes\B2S\Network\Item.php:953
unserialize$networkKindName = unserialize(B2S_PLUGIN_NETWORK_KIND);includes\B2S\Network\Item.php:1194
unserialize$this->networks = unserialize(B2S_PLUGIN_NETWORK);includes\B2S\Network\UserApp.php:13
unserialize$this->allowedAppsPerNetwork = unserialize(B2S_PLUGIN_ALLOWED_USER_APPS);includes\B2S\Network\UserApp.php:14
unserialize$supportedNetworks = unserialize(B2S_PLUGIN_USER_APP_NETWORKS);includes\B2S\Network\UserApp.php:21
unserialize$networks = unserialize(B2S_PLUGIN_NETWORK);includes\B2S\Post\Filter.php:197
unserialize$schedData = (!empty($var->draft_data)) ? http_build_query(unserialize($var->draft_data)) : '';includes\B2S\Post\Item.php:835
unserialize$networkType = unserialize(B2S_PLUGIN_NETWORK_TYPE);includes\B2S\Post\Item.php:1140
unserialize$networkName = unserialize(B2S_PLUGIN_NETWORK);includes\B2S\Post\Item.php:1141
unserialize$networkErrorCode = unserialize(B2S_PLUGIN_NETWORK_ERROR);includes\B2S\Post\Item.php:1142
unserialize$networkType = unserialize(B2S_PLUGIN_NETWORK_TYPE);includes\B2S\Post\Item.php:1303
unserialize$networkName = unserialize(B2S_PLUGIN_NETWORK);includes\B2S\Post\Item.php:1304
unserialize$schedData = unserialize($var->sched_data);includes\B2S\Post\Item.php:1332
unserialize$networkType = unserialize(B2S_PLUGIN_NETWORK_TYPE);includes\B2S\Post\Item.php:1394
unserialize$networkName = unserialize(B2S_PLUGIN_NETWORK);includes\B2S\Post\Item.php:1395
unserialize$boardId = unserialize($var->sched_data)["board"];includes\B2S\Post\Item.php:1421
unserialize$networkType = unserialize(B2S_PLUGIN_NETWORK_TYPE);includes\B2S\Post\Item.php:1534
unserialize$networkName = unserialize(B2S_PLUGIN_NETWORK);includes\B2S\Post\Item.php:1535
unserialize$networkErrorCode = unserialize(B2S_PLUGIN_NETWORK_ERROR);includes\B2S\Post\Item.php:1536
unserialize$tosCrossPosting = unserialize(B2S_PLUGIN_NETWORK_CROSSPOSTING_LIMIT);includes\B2S\Post\Tools.php:28
unserialize$schedData = unserialize($schedData[0]);includes\B2S\Post\Tools.php:43
unserialize$isVideoNetwork = unserialize(B2S_PLUGIN_NETWORK_SUPPORT_VIDEO);includes\B2S\PostBox.php:106
unserializeif (!in_array($item->networkId, unserialize(B2S_PLUGIN_NETWORK_SUPPORT_SOCIAL))) {includes\B2S\PostBox.php:111
unserialize$con = unserialize(B2S_PLUGIN_AUTO_POST_LIMIT);includes\B2S\PostBox.php:171
unserialize$this->template = ((defined('B2S_PLUGIN_NETWORK_SETTINGS_TEMPLATE_DEFAULT')) ? unserialize(B2S_PLUGIincludes\B2S\QuickPost.php:22
unserialize$limit = unserialize(B2S_PLUGIN_RE_POST_LIMIT);includes\B2S\RePost\Item.php:54
unserialize$limit = unserialize(B2S_PLUGIN_RE_POST_LIMIT);includes\B2S\RePost\Item.php:166
unserialize$isVideoNetwork = unserialize(B2S_PLUGIN_NETWORK_SUPPORT_VIDEO);includes\B2S\RePost\Item.php:201
unserializeif (!in_array($item->networkId, unserialize(B2S_PLUGIN_NETWORK_SUPPORT_SOCIAL))) {includes\B2S\RePost\Item.php:206
unserialize$this->tosCrossPosting = unserialize(B2S_PLUGIN_NETWORK_CROSSPOSTING_LIMIT);includes\B2S\RePost\Save.php:49
unserialize$this->default_template = (defined('B2S_PLUGIN_NETWORK_SETTINGS_TEMPLATE_DEFAULT')) ? unserialize(B2includes\B2S\RePost\Save.php:51
unserializeif ( defined('B2S_PLUGIN_ALLOW_ADD_LINK') && in_array($value->networkId, unserialize(B2S_PLUGIN_ALLOincludes\B2S\RePost\Save.php:110
unserialize$networkAuthData = unserialize($dataString);includes\B2S\RePost\Save.php:608
unserialize$this->allowPage = unserialize(B2S_PLUGIN_NETWORK_ALLOW_PAGE);includes\B2S\Settings\Item.php:23
unserialize$this->allowGroup = unserialize(B2S_PLUGIN_NETWORK_ALLOW_GROUP);includes\B2S\Settings\Item.php:24
unserialize$this->timeInfo = unserialize(B2S_PLUGIN_SCHED_DEFAULT_TIMES_INFO);includes\B2S\Settings\Item.php:25
unserializeforeach (unserialize(B2S_PLUGIN_SHORTENER) as $id => $name) {includes\B2S\Settings\Item.php:88
unserialize$defaultPostFormat = unserialize(B2S_PLUGIN_NETWORK_SETTINGS_TEMPLATE_DEFAULT);includes\B2S\Settings\Item.php:311
unserialize$networkName = unserialize(B2S_PLUGIN_NETWORK);includes\B2S\Settings\Item.php:313
unserialize$defaultTemplate = unserialize(B2S_PLUGIN_NETWORK_SETTINGS_TEMPLATE_DEFAULT);includes\B2S\Settings\Item.php:368
unserialize$this->default_template = (defined('B2S_PLUGIN_NETWORK_SETTINGS_TEMPLATE_DEFAULT')) ? unserialize(B2includes\B2S\Ship\Item.php:113
unserialize$networkName = unserialize(B2S_PLUGIN_NETWORK);includes\B2S\Ship\Item.php:162
unserialize$networkTypeName = unserialize(B2S_PLUGIN_NETWORK_TYPE);includes\B2S\Ship\Item.php:163
unserialize$networkTypeNameOverride = unserialize(B2S_PLUGIN_NETWORK_TYPE_INDIVIDUAL);includes\B2S\Ship\Item.php:164
unserialize$networkKindName = unserialize(B2S_PLUGIN_NETWORK_KIND);includes\B2S\Ship\Item.php:165
unserialize$networkAuthData = unserialize($dataString);includes\B2S\Ship\Item.php:175
unserializeif ($this->viewMode != 'modal' && array_key_exists($data->networkId, unserialize(B2S_PLUGIN_NETWORK_includes\B2S\Ship\Item.php:438
unserializeif (in_array($networkId, unserialize(B2S_PLUGIN_ALLOW_ADD_LINK)) && isset($this->post_template[$netwincludes\B2S\Ship\Item.php:2121
unserialize$networkName = unserialize(B2S_PLUGIN_NETWORK);includes\B2S\Ship\Item.php:2772
unserialize$this->networkName = unserialize(B2S_PLUGIN_NETWORK);includes\B2S\Ship\Navbar.php:22
unserialize$this->networkTypeName = unserialize(B2S_PLUGIN_NETWORK_TYPE);includes\B2S\Ship\Navbar.php:23
unserialize$this->networkTypeNameOverride = unserialize(B2S_PLUGIN_NETWORK_TYPE_INDIVIDUAL);includes\B2S\Ship\Navbar.php:24
unserialize$this->networkKindName = unserialize(B2S_PLUGIN_NETWORK_KIND);includes\B2S\Ship\Navbar.php:25
unserialize$this->allowProfil = unserialize(B2S_PLUGIN_NETWORK_ALLOW_PROFILE);includes\B2S\Ship\Navbar.php:28
unserialize$this->allowPage = unserialize(B2S_PLUGIN_NETWORK_ALLOW_PAGE);includes\B2S\Ship\Navbar.php:29
unserialize$this->allowGroup = unserialize(B2S_PLUGIN_NETWORK_ALLOW_GROUP);includes\B2S\Ship\Navbar.php:30
unserialize$this->oAuthPortal = unserialize(B2S_PLUGIN_NETWORK_OAUTH);includes\B2S\Ship\Navbar.php:31
unserialize$this->isVideoNetwork = unserialize(B2S_PLUGIN_NETWORK_SUPPORT_VIDEO);includes\B2S\Ship\Navbar.php:33
unserializeif (!in_array($data->networkId, unserialize(B2S_PLUGIN_NETWORK_SUPPORT_SOCIAL))) {includes\B2S\Ship\Navbar.php:80
unserialize$this->allowProfil = unserialize(B2S_PLUGIN_NETWORK_ALLOW_PROFILE);includes\B2S\Ship\Portale.php:21
unserialize$this->allowPage = unserialize(B2S_PLUGIN_NETWORK_ALLOW_PAGE);includes\B2S\Ship\Portale.php:22
unserialize$this->allowGroup = unserialize(B2S_PLUGIN_NETWORK_ALLOW_GROUP);includes\B2S\Ship\Portale.php:23
unserialize$this->oAuthPortal = unserialize(B2S_PLUGIN_NETWORK_OAUTH);includes\B2S\Ship\Portale.php:24
unserialize$this->networkTypeName = unserialize(B2S_PLUGIN_NETWORK_TYPE);includes\B2S\Ship\Portale.php:25
unserialize$this->networkTypeNameIndividual = unserialize(B2S_PLUGIN_NETWORK_TYPE_INDIVIDUAL);includes\B2S\Ship\Portale.php:26
unserialize$this->isVideoNetwork = unserialize(B2S_PLUGIN_NETWORK_SUPPORT_VIDEO);includes\B2S\Ship\Portale.php:27
unserializeif (!in_array($portal->id, unserialize(B2S_PLUGIN_NETWORK_SUPPORT_SOCIAL))) {includes\B2S\Ship\Portale.php:45
unserialize$errorText = unserialize(B2S_PLUGIN_NETWORK_ERROR);includes\B2S\Ship\Save.php:316
unserialize$errorText = unserialize(B2S_PLUGIN_NETWORK_ERROR);includes\B2S\Ship\Save.php:804
unserializeif (preg_match("/(" . implode("|", unserialize(B2S_PLUGIN_SYSTEMREQUIREMENT_PLUGINWARNING_WORDS)) . includes\B2S\Support\Check\System.php:226
unserialize$networkType = unserialize(B2S_PLUGIN_NETWORK_TYPE);includes\B2S\Video\Item.php:72
unserialize$networkName = unserialize(B2S_PLUGIN_NETWORK);includes\B2S\Video\Item.php:73
unserialize$networkErrorCode = unserialize(B2S_PLUGIN_NETWORK_ERROR);includes\B2S\Video\Item.php:74
unserializeif (defined('B2S_PLUGIN_CHANGELOG_CONTENT') && !empty(array_filter(unserialize(B2S_PLUGIN_CHANGELOG_includes\Changelog.php:7
unserialize$changelogContent = unserialize(B2S_PLUGIN_CHANGELOG_CONTENT);includes\Changelog.php:23
unserializeforeach (unserialize(B2S_PLUGIN_CHANGELOG_CONTENT) as $key => $value) {includes\Changelog.php:30
unserialize$con = unserialize(B2S_PLUGIN_AUTO_POST_LIMIT);includes\Loader.php:357
unserializeif (in_array($networkId, unserialize(B2S_PLUGIN_ALLOW_ADD_LINK)) && isset($optionPostFormat[$networkincludes\Loader.php:449
unserialize$tosCrossPosting = unserialize(B2S_PLUGIN_NETWORK_CROSSPOSTING_LIMIT);includes\Loader.php:962
unserializeif (in_array($value->networkId, unserialize(B2S_PLUGIN_ALLOW_ADD_LINK)) && isset($optionPostFormat[$includes\Loader.php:1013
unserializeif (isset($_GET['page']) && !empty($_GET['page']) && in_array(sanitize_text_field(wp_unslash($_GET['includes\Loader.php:1366
unserialize$blocked = unserialize(B2S_PLUGIN_WHITE_LABEL_BLOCKED_AREA);includes\System.php:59
unserialize$appQuantity = unserialize(B2S_PLUGIN_DEFAULT_USER_APP_QUANTITY);includes\Tools.php:61
unserializeforeach (unserialize(B2S_PLUGIN_USER_APP_NETWORKS) as $network) {includes\Tools.php:68
unserialize$defaultTimes = unserialize(B2S_PLUGIN_SCHED_DEFAULT_TIMES);includes\Tools.php:129
unserialize$allowPage = unserialize(B2S_PLUGIN_NETWORK_ALLOW_PAGE);includes\Tools.php:130
unserialize$allowGroup = unserialize(B2S_PLUGIN_NETWORK_ALLOW_GROUP);includes\Tools.php:131
unserialize$b2sVersionType = unserialize(B2S_PLUGIN_VERSION_TYPE);includes\Tools.php:649
unserialize$allowComment = unserialize(B2S_PLUGIN_NETWORK_ALLOW_COMMENT);includes\Tools.php:866
unserialize$getPages = unserialize(B2S_PLUGIN_PAGE_TITLE);views\b2s\html\header.php:18
unserialize$con = unserialize(B2S_PLUGIN_AUTO_POST_LIMIT);views\b2s\html\header.php:28
unserialize$b2sPrivacyPolicy = unserialize(base64_decode($b2sPrivacyPolicy));views\b2s\html\header.php:37
unserializeif (isset($_GET['page']) && !empty($_GET['page']) && !in_array($_GET['page'], unserialize(B2S_PLUGINviews\b2s\html\header.php:470
unserialize$versionType = unserialize(B2S_PLUGIN_VERSION_TYPE);views\b2s\html\sidebar.php:52
unserialize$versionType = unserialize(B2S_PLUGIN_VERSION_TYPE);views\b2s\html\sidebar.ship.php:51
unserialize<img style="margin-right: 10px;" alt="' . esc_attr(unserialize(B2S_PLUGIN_NETWORK)[$networkId]) . '"views\b2s\metrics.php:89
unserialize<b>' . esc_html(unserialize(B2S_PLUGIN_NETWORK)[$networkId]) . '</b><br>views\b2s\metrics.php:91
unserialize<input type="hidden" id="b2sNetworkTypeNameOverride" value="<?php echo esc_attr(json_encode(unserialviews\b2s\network.php:900
unserialize<input type="hidden" id="b2sNetworkTypeName" value="<?php echo esc_attr(json_encode(unserialize(B2S_views\b2s\network.php:901
unserialize$supportedNetworks = unserialize(B2S_PLUGIN_USER_APP_NETWORKS);views\b2s\network.userapps.php:14
unserialize$networks = unserialize(B2S_PLUGIN_NETWORK);views\b2s\network.userapps.php:15
unserialize$versionType = unserialize(B2S_PLUGIN_VERSION_TYPE);views\b2s\premium.php:28
unserialize$tosCrossPosting = unserialize(B2S_PLUGIN_NETWORK_CROSSPOSTING_LIMIT);views\b2s\ship.php:20
unserialize$draftData = (isset($sqlResult->data) && !empty($sqlResult->data)) ? unserialize($sqlResult->data) :views\b2s\ship.php:49
unserialize<input type="file" name="file" id="b2s-video-upload-file" accept="<?php echo esc_html(implode(',', uviews\b2s\video.php:220

Bundled Libraries

jQuery

SQL Query Safety

85% prepared431 total queries

Output Escaping

93% escaped5491 total outputs
Data Flows
9 unsanitized

Data Flow Analysis

25 flows9 with unsanitized paths
b2s_save_post_alert_meta_box (includes\Loader.php:1173)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Blog2Social: Social Media Auto Post & Scheduler Attack Surface

Entry Points107
Unprotected0

AJAX Handlers 107

authwp_ajax_b2s_ship_itemincludes\Ajax\Get.php:17
authwp_ajax_b2s_sort_dataincludes\Ajax\Get.php:18
authwp_ajax_b2s_get_sched_posts_by_user_authincludes\Ajax\Get.php:19
authwp_ajax_b2s_get_network_board_and_groupincludes\Ajax\Get.php:20
authwp_ajax_b2s_publish_post_dataincludes\Ajax\Get.php:21
authwp_ajax_b2s_sched_post_dataincludes\Ajax\Get.php:22
authwp_ajax_b2s_approve_post_dataincludes\Ajax\Get.php:23
authwp_ajax_b2s_ship_navbar_itemincludes\Ajax\Get.php:24
authwp_ajax_b2s_scrape_urlincludes\Ajax\Get.php:25
authwp_ajax_b2s_get_settings_sched_time_defaultincludes\Ajax\Get.php:26
authwp_ajax_b2s_get_settings_sched_time_userincludes\Ajax\Get.php:27
authwp_ajax_b2s_ship_item_full_textincludes\Ajax\Get.php:28
authwp_ajax_b2s_ship_item_reload_urlincludes\Ajax\Get.php:29
authwp_ajax_b2s_get_faq_entriesincludes\Ajax\Get.php:30
authwp_ajax_b2s_get_calendar_eventsincludes\Ajax\Get.php:31
authwp_ajax_b2s_get_post_edit_modalincludes\Ajax\Get.php:32
authwp_ajax_b2s_get_calendar_filter_network_authincludes\Ajax\Get.php:33
authwp_ajax_b2s_get_image_modalincludes\Ajax\Get.php:34
authwp_ajax_b2s_get_multi_widget_contentincludes\Ajax\Get.php:35
authwp_ajax_b2s_get_calendar_widget_contentincludes\Ajax\Get.php:36
authwp_ajax_b2s_get_blog_post_statusincludes\Ajax\Get.php:37
authwp_ajax_b2s_support_systemrequirementsincludes\Ajax\Get.php:38
authwp_ajax_b2s_search_userincludes\Ajax\Get.php:39
authwp_ajax_b2s_get_select_mandant_userincludes\Ajax\Get.php:40
authwp_ajax_b2s_get_edit_templateincludes\Ajax\Get.php:41
authwp_ajax_b2s_check_draft_existsincludes\Ajax\Get.php:42
authwp_ajax_b2s_get_curation_ship_detailsincludes\Ajax\Get.php:43
authwp_ajax_b2s_get_network_auth_settingsincludes\Ajax\Get.php:44
authwp_ajax_b2s_update_post_boxincludes\Ajax\Get.php:45
authwp_ajax_b2s_get_image_captionincludes\Ajax\Get.php:46
authwp_ajax_b2s_load_insightsincludes\Ajax\Get.php:47
authwp_ajax_b2s_get_video_upload_dataincludes\Ajax\Get.php:48
authwp_ajax_get_posts_detail_dataincludes\Ajax\Get.php:49
authwp_ajax_b2s_get_ass_detailsincludes\Ajax\Get.php:50
authwp_ajax_b2s_get_ass_settingsincludes\Ajax\Get.php:51
authwp_ajax_b2s_get_dashboard_activityincludes\Ajax\Get.php:52
authwp_ajax_b2s_save_ship_dataincludes\Ajax\Post.php:21
authwp_ajax_b2s_save_user_mandantincludes\Ajax\Post.php:22
authwp_ajax_b2s_delete_mandantincludes\Ajax\Post.php:23
authwp_ajax_b2s_lock_auto_post_importincludes\Ajax\Post.php:24
authwp_ajax_b2s_delete_user_authincludes\Ajax\Post.php:25
authwp_ajax_b2s_update_user_versionincludes\Ajax\Post.php:26
authwp_ajax_b2s_accept_privacy_policyincludes\Ajax\Post.php:27
authwp_ajax_b2s_save_network_board_and_groupincludes\Ajax\Post.php:28
authwp_ajax_b2s_delete_user_sched_postincludes\Ajax\Post.php:29
authwp_ajax_b2s_activate_addon_trialincludes\Ajax\Post.php:30
authwp_ajax_b2s_delete_user_publish_postincludes\Ajax\Post.php:31
authwp_ajax_b2s_delete_user_approve_postincludes\Ajax\Post.php:32
authwp_ajax_b2s_delete_user_cc_draft_postincludes\Ajax\Post.php:33
authwp_ajax_b2s_user_network_settingsincludes\Ajax\Post.php:34
authwp_ajax_b2s_auto_post_settingsincludes\Ajax\Post.php:35
authwp_ajax_b2s_save_social_meta_tagsincludes\Ajax\Post.php:36
authwp_ajax_b2s_reset_social_meta_tagsincludes\Ajax\Post.php:37
authwp_ajax_b2s_save_user_time_settingsincludes\Ajax\Post.php:38
authwp_ajax_b2s_network_save_auth_to_settingsincludes\Ajax\Post.php:39
authwp_ajax_b2s_prg_loginincludes\Ajax\Post.php:40
authwp_ajax_b2s_prg_logoutincludes\Ajax\Post.php:41
authwp_ajax_b2s_prg_shipincludes\Ajax\Post.php:42
authwp_ajax_b2s_ship_navbar_save_settingsincludes\Ajax\Post.php:43
authwp_ajax_b2s_post_mail_updateincludes\Ajax\Post.php:44
authwp_ajax_b2s_calendar_move_postincludes\Ajax\Post.php:45
authwp_ajax_b2s_delete_postincludes\Ajax\Post.php:46
authwp_ajax_b2s_edit_save_postincludes\Ajax\Post.php:47
authwp_ajax_b2s_get_calendar_release_locksincludes\Ajax\Post.php:48
authwp_ajax_b2s_update_approve_postincludes\Ajax\Post.php:49
authwp_ajax_b2s_hide_ratingincludes\Ajax\Post.php:50
authwp_ajax_b2s_hide_premium_messageincludes\Ajax\Post.php:51
authwp_ajax_b2s_hide_trail_messageincludes\Ajax\Post.php:52
authwp_ajax_b2s_hide_trail_ended_messageincludes\Ajax\Post.php:53
authwp_ajax_b2s_plugin_deactivate_delete_sched_postincludes\Ajax\Post.php:54
authwp_ajax_b2s_curation_shareincludes\Ajax\Post.php:55
authwp_ajax_b2s_curation_customizeincludes\Ajax\Post.php:56
authwp_ajax_b2s_curation_draftincludes\Ajax\Post.php:57
authwp_ajax_b2s_move_user_auth_to_profileincludes\Ajax\Post.php:58
authwp_ajax_b2s_assign_network_user_authincludes\Ajax\Post.php:59
authwp_ajax_b2s_save_post_templateincludes\Ajax\Post.php:60
authwp_ajax_b2s_load_default_post_templateincludes\Ajax\Post.php:61
authwp_ajax_b2s_save_draft_dataincludes\Ajax\Post.php:62
authwp_ajax_b2s_delete_user_draftincludes\Ajax\Post.php:63
authwp_ajax_b2s_change_favorite_statusincludes\Ajax\Post.php:64
authwp_ajax_b2s_save_url_parameterincludes\Ajax\Post.php:65
authwp_ajax_b2s_save_share_settingsincludes\Ajax\Post.php:66
authwp_ajax_b2s_re_post_submitincludes\Ajax\Post.php:67
authwp_ajax_b2s_delete_re_post_schedincludes\Ajax\Post.php:68
authwp_ajax_b2s_community_registerincludes\Ajax\Post.php:69
authwp_ajax_b2s_auto_post_assign_by_disconnectincludes\Ajax\Post.php:70
authwp_ajax_b2s_metrics_starting_confirmincludes\Ajax\Post.php:71
authwp_ajax_b2s_metrics_banner_closeincludes\Ajax\Post.php:72
authwp_ajax_b2s_metrics_feedback_closeincludes\Ajax\Post.php:73
authwp_ajax_b2s_continue_trial_optionincludes\Ajax\Post.php:74
authwp_ajax_b2s_final_trial_optionincludes\Ajax\Post.php:75
authwp_ajax_b2s_upload_videoincludes\Ajax\Post.php:76
authwp_ajax_b2s_delete_all_posts_older_thanincludes\Ajax\Post.php:77
authwp_ajax_b2s_add_user_appincludes\Ajax\Post.php:78
authwp_ajax_b2s_edit_user_appincludes\Ajax\Post.php:79
authwp_ajax_b2s_delete_user_appincludes\Ajax\Post.php:80
authwp_ajax_b2s_save_user_onboardingincludes\Ajax\Post.php:81
authwp_ajax_b2s_save_user_onboarding_pausedincludes\Ajax\Post.php:82
authwp_ajax_b2s_ass_auth_saveincludes\Ajax\Post.php:83
authwp_ajax_b2s_ass_generate_text_smincludes\Ajax\Post.php:84
authwp_ajax_b2s_ass_settings_saveincludes\Ajax\Post.php:85
authwp_ajax_b2s_ass_logoutincludes\Ajax\Post.php:86
authwp_ajax_b2s_delete_post_notice_allincludes\Ajax\Post.php:87
authwp_ajax_b2s_check_image_size_networkincludes\Ajax\Post.php:88
authwp_ajax_b2s_check_image_size_network_allincludes\Ajax\Post.php:89
authwp_ajax_b2s_send_trail_feedbackincludes\Ajax\Post.php:90
authwp_ajax_b2s_debug_connectionincludes\Ajax\Post.php:91
WordPress Hooks 34
actioninitblog2social.php:64
filtersafe_style_cssincludes\Loader.php:33
actionadmin_noticesincludes\Loader.php:39
filterheartbeat_receivedincludes\Loader.php:164
actionwp_logoutincludes\Loader.php:165
actiontransition_post_statusincludes\Loader.php:166
actionadmin_initincludes\Loader.php:193
actionadmin_enqueue_scriptsincludes\Loader.php:194
actionadmin_menuincludes\Loader.php:195
actionadmin_bar_menuincludes\Loader.php:196
actionadmin_noticesincludes\Loader.php:197
actionwp_loadedincludes\Loader.php:198
actionadmin_noticesincludes\Loader.php:199
actionadd_meta_boxesincludes\Loader.php:200
actionsave_postincludes\Loader.php:201
actiontrash_postincludes\Loader.php:202
actionwp_trash_postincludes\Loader.php:203
actionprint_media_templatesincludes\Loader.php:204
actionadmin_footerincludes\Loader.php:205
filterwp_footerincludes\Loader.php:244
actionwp_headincludes\Loader.php:245
filterredirect_post_locationincludes\Loader.php:1086
filterredirect_post_locationincludes\Loader.php:1088
filterredirect_post_locationincludes\Loader.php:1092
filterredirect_post_locationincludes\Loader.php:1096
filterwpseo_opengraph_titleincludes\Meta.php:413
filterwpseo_opengraph_descincludes\Meta.php:415
filterwpseo_opengraph_imageincludes\Meta.php:417
filterwpseo_opengraph_typeincludes\Meta.php:419
filterwpseo_og_localeincludes\Meta.php:421
filterwpseo_twitter_card_typeincludes\Meta.php:430
filterwpseo_twitter_titleincludes\Meta.php:432
filterwpseo_twitter_descriptionincludes\Meta.php:434
filterwpseo_twitter_imageincludes\Meta.php:436
Maintenance & Trust

Blog2Social: Social Media Auto Post & Scheduler Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 27, 2026
PHP min version7.4
Downloads4.7M

Community Trust

Rating90/100
Number of ratings2,083
Active installs50K
Alternatives

Blog2Social: Social Media Auto Post & Scheduler Alternatives

Bit Social – Social Media Auto Poster and Scheduler

Bit Social – Social Media Auto Poster and Scheduler

bit-social

A
100

Schedule WordPress posts to social media and auto share content across Facebook, Twitter (X), Instagram, Pinterest, TikTok, and LinkedIn.

6K No CVEs
Social Media Auto Poster – Schedule & Publish to Buffer

Social Media Auto Poster – Schedule & Publish to Buffer

wp-to-buffer

A
100

Automatically post and schedule your WordPress content to Facebook, X/Twitter, LinkedIn, Threads, Bluesky, and more social networks using Buffer.

8K 1 CVE
Revive Social – Social Media Auto Post and Scheduling Automation Plugin

Revive Social – Social Media Auto Post and Scheduling Automation Plugin

tweet-old-post

A
95

Automatically share your WordPress posts on multiple social networks like Facebook, X (Twitter), LinkedIn, Instagram and more.

20K 3 CVEs
Nelio Content – Editorial Calendar & Social Media Auto-Posting

Nelio Content – Editorial Calendar & Social Media Auto-Posting

nelio-content

A
96

Editorial calendar and social media auto-posting for WordPress. Plan content, schedule shares, and grow reach with powerful automations.

5K 3 CVEs
Post to Social Media – WordPress to Hootsuite

Post to Social Media – WordPress to Hootsuite

wp-to-hootsuite

A
98

Automatically share WordPress Pages, Posts or Custom Post Types to Facebook, Twitter and LinkedIn using your Hootsuite (hootsuite.com) account.

300 2 CVEs
Developer Profile

Blog2Social: Social Media Auto Post & Scheduler Developer Profile

Adenion

2 plugins · 50K total installs

66
trust score
Avg Security Score
81/100
Avg Patch Time
566 days
View full developer profile
Detection Fingerprints

How We Detect Blog2Social: Social Media Auto Post & Scheduler

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/blog2social/css/b2s-style-admin.css/wp-content/plugins/blog2social/css/b2s-style-public.css/wp-content/plugins/blog2social/js/b2s-script.js/wp-content/plugins/blog2social/js/b2s-script-public.js/wp-content/plugins/blog2social/js/b2s-script-network.js
Script Paths
/wp-content/plugins/blog2social/js/b2s-script.js/wp-content/plugins/blog2social/js/b2s-script-public.js/wp-content/plugins/blog2social/js/b2s-script-network.js
Version Parameters
blog2social/css/b2s-style-admin.css?ver=blog2social/css/b2s-style-public.css?ver=blog2social/js/b2s-script.js?ver=blog2social/js/b2s-script-public.js?ver=blog2social/js/b2s-script-network.js?ver=

HTML / DOM Fingerprints

CSS Classes
b2s-box-container
HTML Comments
B2S_PLUGIN_DIRB2S_PLUGIN_URLB2S_PLUGIN_HOOKB2S_PLUGIN_FILE+13 more
Data Attributes
data-b2s-post-id
JS Globals
B2S_Plugin_URL
FAQ

Frequently Asked Questions about Blog2Social: Social Media Auto Post & Scheduler