This vulnerability involves improper neutralization of special elements in SQL commands within the Social Share And Social Locker plugin by reputeinfosystems. It allows unauthenticated remote attackers to conduct Blind SQL Injection attacks, potentially exposing sensitive data. The issue affects all versions up to 1.4.2. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, with a scope change and high confidentiality impact but no integrity impact and low availability impact.

Successful exploitation of this vulnerability could allow attackers to extract sensitive information from the backend database without authentication, compromising confidentiality. The integrity of data is not impacted, and availability impact is low. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or removing the affected plugin to mitigate risk. Monitor vendor channels for updates or patches addressing this vulnerability.