mooSocial v3.1.8 is vulnerable to Cross Site Request Forgery (CSRF) which allows attacker to change admin password once an authenticated admin user clicks on the malicious crafted HTML page.
I am providing 2 HTML Pages which will when clicked by an authenticated admin user will change their password.