Platform
wordpress
Component
awesome-logos
Fixed in
1.2.1
CVE-2025-30528 describes a Cross-Site Request Forgery (CSRF) vulnerability within the Awesome Logos WordPress plugin that can be leveraged to perform SQL Injection attacks. Successful exploitation allows an attacker to potentially gain unauthorized access to the database and extract sensitive information. This vulnerability impacts versions of Awesome Logos from 0.0.0 through 1.2, and a patch is available in version 1.2.1.
The SQL Injection vulnerability in Awesome Logos allows attackers to inject malicious SQL code into database queries. This can lead to a wide range of consequences, including unauthorized data access, modification, or deletion. An attacker could potentially extract user credentials, sensitive configuration data, or even gain control of the entire WordPress site. The CSRF aspect means an attacker can trigger this injection without direct user interaction, making it a particularly dangerous threat. The blast radius extends to any data stored within the WordPress database accessible through the vulnerable plugin.
CVE-2025-30528 was publicly disclosed on 2025-03-24. The vulnerability's severity is high due to the potential for SQL injection and the ease of exploitation via CSRF. No public proof-of-concept exploits have been identified at the time of writing, but the potential for exploitation remains significant. The vulnerability has not been added to the CISA KEV catalog.
Exploit Status
EPSS
0.04% (13% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-30528 is to immediately upgrade the Awesome Logos plugin to version 1.2.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to block requests containing suspicious SQL injection patterns targeting the vulnerable endpoints. Additionally, review and restrict file permissions to the WordPress installation to limit potential damage from a successful attack. After upgrading, confirm the vulnerability is resolved by attempting a test SQL injection payload through the plugin's affected functionality.
Update the Awesome Logos plugin to the latest available version to mitigate the SQL Injection vulnerability via CSRF. Verify the plugin source on wordpress.org for the most recent version and follow the update instructions provided by the developer. Consider implementing additional security measures, such as input validation and data sanitization, to prevent future vulnerabilities.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-30528 is a critical SQL Injection vulnerability affecting the Awesome Logos WordPress plugin, allowing attackers to potentially extract or modify database data.
If you are using Awesome Logos version 0.0.0 through 1.2, you are affected by this vulnerability. Upgrade immediately.
Upgrade the Awesome Logos plugin to version 1.2.1 or later to resolve the SQL Injection vulnerability. Consider WAF rules as a temporary mitigation.
While no public exploits are currently known, the potential for exploitation is significant due to the ease of CSRF exploitation and the severity of SQL injection.
Refer to the Awesome Logos plugin developer's website or WordPress plugin repository for the official advisory and update information.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.