Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer social-stream-design allows Blind SQL Injection. This issue affects WP Social Stream Designer: from n/a through <= 1.3.
Published: 2025-04-09
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability allows an attacker to inject special characters into SQL queries built by the plugin, resulting in blind SQL injection that can retrieve or manipulate the contents of the WordPress database. The weakness arises from insufficient input validation, exposing the site to data exfiltration or alteration. Consequences include loss of confidentiality and integrity of stored data, and a potential availability impact if destructive queries are executed.

Affected Systems

The affected product is WP Social Stream Designer for WordPress, released by solwininfotech. All installations using version 1.3 or earlier are susceptible; newer versions following the patch are not affected.

Risk and Exploitability

The CVSS score of 7.6 rates this as a high-severity flaw, yet the EPSS indicates a low probability of exploitation (<1%). It is currently not listed in CISA's KEV catalog. Based on the description, it is inferred that attackers can exploit the affected query interface remotely once the plugin is active on a public site, provided user input reaches the database without proper sanitization; note that the CVSS vector (PR:H) indicates that a highly privileged account is required.

Generated by OpenCVE AI on May 2, 2026 at 02:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update WP Social Stream Designer to the latest available version (post‑1.3).
  • If upgrading is not immediately possible, disable or remove the vulnerable plugin to eliminate the attack surface.
  • Configure the WordPress database to enforce least privilege and limit the application’s database user to read‑only or minimal permissions to reduce potential damage.


Advisories

Source: EUVD
ID: EUVD-2025-10572
Title: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer allows Blind SQL Injection. This issue affects WP Social Stream Designer: from n/a through 1.3.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics (cvssV3_1)
Values added: {'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values removed: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer allows Blind SQL Injection. This issue affects WP Social Stream Designer: from n/a through 1.3.
Values added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer social-stream-design allows Blind SQL Injection.This issue affects WP Social Stream Designer: from n/a through <= 1.3.

Type: References (no values listed)

Type: Metrics (cvssV3_1)
Values added: {'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}

Wed, 09 Apr 2025 18:15:00 +0000

Type: Metrics (ssvc)
Values added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 09 Apr 2025 16:30:00 +0000

Type: Description
Values added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer allows Blind SQL Injection. This issue affects WP Social Stream Designer: from n/a through 1.3.

Type: Title
Values added: WordPress WP Social Stream Designer plugin <= 1.3 - SQL Injection vulnerability

Type: Weaknesses
Values added: CWE-89

Type: References (no values listed)

Type: Metrics (cvssV3_1)
Values added: {'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L'}

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:27.954Z

Reserved: 2025-04-09T11:21:24.365Z

Link: CVE-2025-32677

Vulnrichment

Updated: 2025-04-09T17:42:53.832Z

NVD

Status: Deferred

Published: 2025-04-09T17:15:51.730

Modified: 2026-06-17T09:12:24.360

Link: CVE-2025-32677

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T02:30:25Z

Weaknesses
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')