Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

pr-gateway — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting pr-gateway. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PR-Gateway serves as a web-based platform for press release distribution and media management. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its 12 recorded CVEs. The application's exposure stems from insufficient input validation and insecure authentication mechanisms. Notable security characteristics include its internet-facing deployment and integration with third-party services, which expand its attack surface. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities across multiple CVEs indicates ongoing security challenges that require diligent patch management and hardening by implementing organizations.

Top products by pr-gateway: Blog2Social: Social Media Auto Post & Scheduler
CVE IDTitleCVSSSeverityPublished
CVE-2026-4330 Blog2Social: Social Media Auto Post & Scheduler <= 8.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Schedule Modification via 'b2s_id' Parameter — Blog2Social: Social Media Auto Post & SchedulerCWE-639 4.3 Medium2026-04-08
CVE-2026-4331 Blog2Social: Social Media Auto Post & Scheduler <= 8.8.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Deletion via 'b2s_reset_social_meta_tags' AJAX Action — Blog2Social: Social Media Auto Post & SchedulerCWE-862 4.3 Medium2026-03-26
CVE-2026-1942 Blog2Social: Social Media Auto Post & Scheduler <= 8.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Modification — Blog2Social: Social Media Auto Post & SchedulerCWE-862 6.5 Medium2026-02-18
CVE-2025-14943 Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure — Blog2Social: Social Media Auto Post & SchedulerCWE-863 4.3 Medium2026-01-10
CVE-2025-13558 Blog2Social <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing — Blog2Social: Social Media Auto Post & SchedulerCWE-862 5.4 Medium2025-11-25
CVE-2025-12560 Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Authenticated (Subscriber+) Blind Server-Side Request Forgery via post_url — Blog2Social: Social Media Auto Post & SchedulerCWE-918 4.3 Medium2025-11-06
CVE-2025-12563 Blog2Social: Social Media Auto Post & Scheduler <= 8.6.0 - Incorrect Authorization to Video File Upload — Blog2Social: Social Media Auto Post & SchedulerCWE-862 4.3 Medium2025-11-06
CVE-2025-5673 Blog2Social <= 8.4.4 - Authenticated (Subscriber+) SQL Injection via `prgSortPostType` Parameter — Blog2Social: Social Media Auto Post & SchedulerCWE-89 6.5 Medium2025-06-17
CVE-2024-7302 Blog2Social: Social Media Auto Post & Scheduler <= 7.5.4 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload — Blog2Social: Social Media Auto Post & SchedulerCWE-79 6.4 Medium2024-08-01
CVE-2024-3549 Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection — Blog2Social: Social Media Auto Post & SchedulerCWE-89 9.9 Critical2024-06-11
CVE-2024-3678 Blog2Social: Social Media Auto Post & Scheduler <= 7.4.2 - Information Exposure — Blog2Social: Social Media Auto Post & SchedulerCWE-862 5.3 Medium2024-04-26
CVE-2022-3622 Blog2Social <= 6.9.11 - Missing Authorization to Authenticated (Subscriber+) Settings Update — Blog2Social: Social Media Auto Post & SchedulerCWE-862 4.1 Medium2023-10-20

This page lists every published CVE security advisory associated with pr-gateway. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.