Cross-Site Scripting Vulnerability in NotFound Social Share and Social Locker Product
CVE-2025-31902
7.1HIGH
What is CVE-2025-31902?
The NotFound Social Share And Social Locker plugin is susceptible to a reflected Cross-Site Scripting (XSS) vulnerability. This flaw allows attackers to inject malicious scripts into web pages, potentially compromising user security and data integrity. Affected versions range from n/a to 1.4.1, making it crucial for users to take protective measures against potential exploitation.
Affected Version(s)
Social Share And Social Locker <= 1.4.1
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) (Patchstack Alliance)