Platform: wordpress
Component: awesome-logos
Fixed in: 1.2.1
CVE-2025-30528 describes a Cross-Site Request Forgery (CSRF) vulnerability within the Awesome Logos WordPress plugin that can be leveraged to perform SQL Injection attacks. Successful exploitation allows an attacker to potentially gain unauthorized access to the database and extract sensitive information. This vulnerability impacts versions of Awesome Logos from 0.0.0 through 1.2, and a patch is available in version 1.2.1.
The SQL Injection vulnerability in Awesome Logos allows attackers to inject malicious SQL code into database queries. This can lead to a wide range of consequences, including unauthorized data access, modification, or deletion. An attacker could potentially extract user credentials, sensitive configuration data, or even gain control of the entire WordPress site. The CSRF aspect means an attacker can trigger this injection without direct user interaction, making it a particularly dangerous threat. The blast radius extends to any data stored within the WordPress database accessible through the vulnerable plugin.
CVE-2025-30528 was publicly disclosed on 2025-03-24. The vulnerability's severity is high due to the potential for SQL injection and the ease of exploitation via CSRF. No public proof-of-concept exploits have been identified at the time of writing, but the potential for exploitation remains significant. The vulnerability has not been added to the CISA KEV catalog.
WordPress websites utilizing the Awesome Logos plugin, particularly those with default configurations or shared hosting environments, are at significant risk. Sites with sensitive user data or financial information stored in the WordPress database are especially vulnerable.
Detection commands:
• wordpress / composer / npm:
  grep -r "SELECT .* FROM" /var/www/html/wp-content/plugins/awesome-logos/
• generic web:
  curl -s https://your-wordpress-site.com/wp-content/plugins/awesome-logos/readme.txt | grep -i "Stable tag"
  (reports the installed plugin version when the plugin's standard readme.txt is web-readable)
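The commands above only confirm that the plugin is present; what a defender actually needs is whether the installed copy is below the fixed release. The following POSIX shell script, added here as an example and not part of the original advisory, reads the standard WordPress "Version:" plugin header from the plugin's main PHP file and compares it against 1.2.1. The plugin path is an assumption, and the sample plugin directory at the bottom is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: decide whether an installed Awesome Logos copy is below the fixed
# version 1.2.1 (assumption: the plugin's main file carries a standard
# "Version:" header line, as wordpress.org plugins do).

FIXED_VERSION="1.2.1"

# Print the version string from a WordPress plugin header block.
# Usage: plugin_version <file>
plugin_version() {
  sed -n 's/^[[:space:]]*\*\{0,1\}[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 (true) when $1 is strictly lower than $2, comparing dotted versions
# component by component so that "1.10" sorts above "1.2".
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".");
    n = (na > nb) ? na : nb;
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0;
      yi = (i <= nb) ? y[i] + 0 : 0;
      if (xi < yi) exit 0;
      if (xi > yi) exit 1;
    }
    exit 1
  }'
}

# Classify a version string: "vulnerable", "patched", or "unknown" when empty.
assess_version() {
  if [ -z "$1" ]; then
    echo unknown
  elif version_lt "$1" "$FIXED_VERSION"; then
    echo vulnerable
  else
    echo patched
  fi
}

# Scan a plugin directory for the first PHP file with a plugin header and assess it.
# Usage: check_plugin_dir /var/www/html/wp-content/plugins/awesome-logos  (path is an assumption)
check_plugin_dir() {
  dir="$1"
  for f in "$dir"/*.php; do
    [ -f "$f" ] || continue
    v=$(plugin_version "$f")
    if [ -n "$v" ]; then
      echo "$f: version $v -> $(assess_version "$v")"
      return 0
    fi
  done
  echo "$dir: no plugin header found"
  return 1
}

# Constructed sample: a throwaway directory standing in for a real plugin install.
demo_dir=$(mktemp -d)
printf '<?php\n/*\nPlugin Name: Awesome Logos\nVersion: 1.2\n*/\n' > "$demo_dir/awesome-logos.php"
check_plugin_dir "$demo_dir"
rm -rf "$demo_dir"
```

Run it against the real plugin directory with `check_plugin_dir /path/to/wp-content/plugins/awesome-logos`; a result of "vulnerable" means the install is in the affected 0.0.0 through 1.2 range described above.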
EPSS: 0.04% (13th percentile)
The primary mitigation for CVE-2025-30528 is to immediately upgrade the Awesome Logos plugin to version 1.2.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to block requests containing suspicious SQL injection patterns targeting the vulnerable endpoints. Additionally, review and restrict file permissions to the WordPress installation to limit potential damage from a successful attack. After upgrading, confirm the vulnerability is resolved by attempting a test SQL injection payload through the plugin's affected functionality.
Update the Awesome Logos plugin to the latest available version to mitigate the SQL Injection vulnerability reachable via CSRF. Check the plugin's page on wordpress.org to obtain the latest version and follow the update instructions provided by the developer. Consider implementing additional security measures, such as input validation and data sanitisation, to prevent future vulnerabilities.
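The input validation and sanitisation the advice above asks for has a concrete shape in WordPress. The PHP below is an added, generic illustration of the CSRF-to-SQL-injection bug class and its hardened form; it is not code from the Awesome Logos plugin, and the hook names, nonce action, table name and capability are assumptions chosen for the example. The hardened handler layers a nonce check (defeats CSRF), a capability check (defeats forged requests from low-privilege accounts), type coercion of the input, and a prepared statement (defeats SQL injection).

```php
<?php
// Added example, not the plugin's code. Demonstrates the vulnerable pattern
// (no nonce, no capability check, request value concatenated into SQL) and
// the hardened form. All names below are assumptions for illustration.

// --- Vulnerable pattern (illustrative only) ---
function al_demo_delete_logo_unsafe() {
    global $wpdb;
    $id = $_POST['logo_id']; // attacker-controlled string
    // Any authenticated admin whose browser is tricked into sending this request
    // executes whatever SQL the value carries.
    $wpdb->query( "DELETE FROM {$wpdb->prefix}al_demo_logos WHERE id = " . $id );
    wp_die();
}
add_action( 'wp_ajax_al_demo_delete_logo_unsafe', 'al_demo_delete_logo_unsafe' );

// --- Hardened form ---
function al_demo_delete_logo_safe() {
    global $wpdb;

    // 1. CSRF: the request must carry a nonce bound to this action and the
    //    current user's session; a cross-site forged request cannot supply it.
    check_ajax_referer( 'al_demo_delete_logo', 'nonce' );

    // 2. Authorization: even a valid-looking request from a subscriber must fail.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Input validation: coerce to the expected type before it reaches the query.
    $id = isset( $_POST['logo_id'] ) ? absint( wp_unslash( $_POST['logo_id'] ) ) : 0;
    if ( 0 === $id ) {
        wp_send_json_error( 'invalid id', 400 );
    }

    // 4. Parameterised query: $wpdb->prepare() binds the value, so it can never
    //    alter the statement's structure.
    $deleted = $wpdb->query(
        $wpdb->prepare( "DELETE FROM {$wpdb->prefix}al_demo_logos WHERE id = %d", $id )
    );

    wp_send_json_success( array( 'deleted' => (int) $deleted ) );
}
add_action( 'wp_ajax_al_demo_delete_logo_safe', 'al_demo_delete_logo_safe' );

// The admin page that issues the request must embed the matching nonce, e.g.
// when enqueueing its script (script handle is an assumption):
//   wp_localize_script( 'al-demo-admin', 'alDemo',
//       array( 'nonce' => wp_create_nonce( 'al_demo_delete_logo' ) ) );
```

A WAF rule blocking SQL keywords, as suggested as a stop-gap above, only narrows the payloads an attacker can use; the nonce and capability checks remove the CSRF precondition entirely, and the prepared statement removes the injection regardless of what the request contains.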
CVE-2025-30528 is a critical SQL Injection vulnerability affecting the Awesome Logos WordPress plugin, allowing attackers to potentially extract or modify database data.
If you are using Awesome Logos version 0.0.0 through 1.2, you are affected by this vulnerability. Upgrade immediately.
Upgrade the Awesome Logos plugin to version 1.2.1 or later to resolve the SQL Injection vulnerability. Consider WAF rules as a temporary mitigation.
While no public exploits are currently known, the potential for exploitation is significant due to the ease of CSRF exploitation and the severity of SQL injection.
Refer to the Awesome Logos plugin developer's website or WordPress plugin repository for the official advisory and update information.