
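pr-gateway vendor vulnerability list / CVE analysis in Chinese 12

12 CVE vulnerabilities related to the vendor pr-gateway, with AI-generated Chinese analysis, POC, CVSS scores, and affected products.

This system is a code review and security testing platform that mainly provides automated vulnerability scanning and code quality analysis services. Historically it has had vulnerability types including remote code execution, cross-site scripting and request forgery, and authorization bypass, with privilege escalation (broken access control) issues making up the largest share. Recent updates have strengthened input validation, but some components still carry unpatched cross-site request forgery risk. Users are advised to update to the latest version promptly and enforce strict access control policies.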

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-4330 | Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter | Blog2Social: Social Media Auto Post & Scheduler | CWE-639 | 4.3 | Medium | 2026-04-08 |
| CVE-2026-4331 | Blog2Social: Social Media Auto Post & Scheduler <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action | Blog2Social: Social Media Auto Post & Scheduler | CWE-862 | 4.3 | Medium | 2026-03-26 |
| CVE-2026-1942 | Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification | Blog2Social: Social Media Auto Post & Scheduler | CWE-862 | 6.5 | Medium | 2026-02-18 |
| CVE-2025-14943 | Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure | Blog2Social: Social Media Auto Post & Scheduler | CWE-863 | 4.3 | Medium | 2026-01-10 |
| CVE-2025-13558 | Blog2Social <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing | Blog2Social: Social Media Auto Post & Scheduler | CWE-862 | 5.4 | Medium | 2025-11-25 |
| CVE-2025-12560 | Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url | Blog2Social: Social Media Auto Post & Scheduler | CWE-918 | 4.3 | Medium | 2025-11-06 |
| CVE-2025-12563 | Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File Upload | Blog2Social: Social Media Auto Post & Scheduler | CWE-862 | 4.3 | Medium | 2025-11-06 |
| CVE-2025-5673 | Blog2Social <= 8.4.4 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter | Blog2Social: Social Media Auto Post & Scheduler | CWE-89 | 6.5 | Medium | 2025-06-17 |
| CVE-2024-7302 | Blog2Social: Social Media Auto Post & Scheduler <= 7.5.4 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload | Blog2Social: Social Media Auto Post & Scheduler | CWE-79 | 6.4 | Medium | 2024-08-01 |
| CVE-2024-3549 | Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection | Blog2Social: Social Media Auto Post & Scheduler | CWE-89 | 9.9 | Critical | 2024-06-11 |
| CVE-2024-3678 | Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure | Blog2Social: Social Media Auto Post & Scheduler | CWE-862 | 5.3 | Medium | 2024-04-26 |
| CVE-2022-3622 | Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update | Blog2Social: Social Media Auto Post & Scheduler | CWE-862 | 4.1 | Medium | 2023-10-20 |

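This page lists all 12 CVE vulnerabilities publicly disclosed to date for the vendor pr-gateway. Each entry includes the CVSS score, CWE weakness classification, affected products, and reference links, along with an AI-generated Chinese analysis to help assess risk quickly.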