SQL Injection Vulnerability in mooSocial Store Plugin by mooSocial
CVE-2018-25371

8.8HIGH

Key Information:

Vendor: Moosocial
Status: Moosocial Store Plugin
Vendor: CVE Published:; 25 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2018-25371?

The mooSocial Store Plugin version 2.6 is susceptible to a blind SQL injection vulnerability. This flaw enables unauthenticated attackers to execute malicious SQL statements by manipulating the product parameter in the URL rewrite functionality. By utilizing techniques such as boolean-based blind, time-based blind, or stacked queries, attackers can retrieve sensitive data stored in the database, compromising the integrity and confidentiality of the information. Addressing this vulnerability is essential to safeguarding the application from unauthorized data access and exploitation.

Affected Version(s)

mooSocial Store Plugin 2.6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-25371 - Proof of Concept

References

https://www.exploit-db.com/exploits/45330

exploit

http://addons.moosocial.com/stores

third-party-advisory

https://moosocial.com/product/store-plugins/

product

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 25, 2026
👾
Exploit known to exist
May 25, 2026
Vulnerability published
May 25, 2026
Vulnerability Reserved
May 25, 2026

Credit

Andrea Bocchetti

CVE-2018-25371 Data

JSON

Moosocial

Badges

What is CVE-2018-25371?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit