SQL Injection Flaw in NotFound Social Share and Social Locker Plugin
CVE-2025-31911

9.3CRITICAL

Key Information:

Vendor: Notfound
Status: Social Share And Social Locker
Vendor: CVE Published:; 3 April 2025

What is CVE-2025-31911?

The NotFound Social Share and Social Locker plugin is vulnerable to an SQL injection flaw that allows attackers to execute untrusted SQL commands through unsanitized input. This vulnerability enables potential exploitation through blind SQL injection, where an attacker can manipulate backend database queries by submitting crafted inputs, potentially exposing sensitive information or compromising the site’s integrity. The flaw affects all versions prior to 1.4.2.

Affected Version(s)

Social Share And Social Locker <= 1.4.2

References

https://patchstack.com/database/wordpress/plugin/social-s...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 3, 2025
Vulnerability Reserved
Apr 1, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)

Notfound

What is CVE-2025-31911?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit