cvelist/2025/31xxx/CVE-2025-31911.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2025-31911",
        "ASSIGNER": "audit@patchstack.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Social Share And Social Locker allows Blind SQL Injection. This issue affects Social Share And Social Locker: from n/a through 1.4.2."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                        "cweId": "CWE-89"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "NotFound",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Social Share And Social Locker",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "n/a",
                                            "version_value": "1.4.2"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://patchstack.com/database/wordpress/plugin/social-share-and-social-locker-arsocial/vulnerability/wordpress-social-share-and-social-locker-plugin-1-4-2-sql-injection-vulnerability?_s_id=cve",
                "refsource": "MISC",
                "name": "https://patchstack.com/database/wordpress/plugin/social-share-and-social-locker-arsocial/vulnerability/wordpress-social-share-and-social-locker-plugin-1-4-2-sql-injection-vulnerability?_s_id=cve"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "discovery": "EXTERNAL"
    },
    "credits": [
        {
            "lang": "en",
            "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)"
        }
    ],
    "impact": {
        "cvss": [
            {
                "baseScore": 9.3,
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
                "baseSeverity": "CRITICAL",
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "version": "3.1"
            }
        ]
    }
}
"-Synchronized-Data." 2025-04-02 21:00:34 +00:00			`{`
"-Synchronized-Data." 2025-04-03 14:00:37 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2025-04-02 21:00:34 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2025-31911",`
"-Synchronized-Data." 2025-04-03 14:00:37 +00:00			`"ASSIGNER": "audit@patchstack.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2025-04-02 21:00:34 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2025-04-03 14:00:37 +00:00			`"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Social Share And Social Locker allows Blind SQL Injection. This issue affects Social Share And Social Locker: from n/a through 1.4.2."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",`
			`"cweId": "CWE-89"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "NotFound",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Social Share And Social Locker",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_name": "n/a",`
			`"version_value": "1.4.2"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://patchstack.com/database/wordpress/plugin/social-share-and-social-locker-arsocial/vulnerability/wordpress-social-share-and-social-locker-plugin-1-4-2-sql-injection-vulnerability?_s_id=cve",`
			`"refsource": "MISC",`
			`"name": "https://patchstack.com/database/wordpress/plugin/social-share-and-social-locker-arsocial/vulnerability/wordpress-social-share-and-social-locker-plugin-1-4-2-sql-injection-vulnerability?_s_id=cve"`
			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.2.0"`
			`},`
			`"source": {`
			`"discovery": "EXTERNAL"`
			`},`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)"`
			`}`
			`],`
			`"impact": {`
			`"cvss": [`
			`{`
			`"baseScore": 9.3,`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",`
			`"baseSeverity": "CRITICAL",`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "LOW",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "NONE",`
			`"privilegesRequired": "NONE",`
			`"scope": "CHANGED",`
			`"userInteraction": "NONE",`
			`"version": "3.1"`
"-Synchronized-Data." 2025-04-02 21:00:34 +00:00			`}`
			`]`
			`}`
			`}`