Platform: wordpress
Component: amazon-native-shopping-recommendations
Fixed in: 1.3.1
CVE-2025-30633 describes a SQL Injection vulnerability discovered in AA-Team Amazon Native Shopping Recommendations. The flaw allows attackers to inject malicious SQL code, potentially compromising sensitive data and system integrity. It affects versions from n/a (no lower bound given) up to, but not including, version 1.3.1; a patch is available in version 1.3.1.
Successful exploitation of this SQL Injection vulnerability could grant an attacker unauthorized access to the underlying database. This could lead to the exfiltration of sensitive customer data, including personal information, order details, and payment information. Depending on the database schema and permissions, an attacker might also be able to modify data, execute arbitrary commands on the server, or even gain complete control of the WordPress installation. The potential blast radius is significant, particularly if the database contains sensitive information or is connected to other critical systems. As with other SQL Injection vulnerabilities, the root cause is improper input validation that lets user-supplied data alter the structure of a database query.
CVE-2025-30633 was publicly disclosed on 2026-01-05. The CVSS score of 9.3 (CRITICAL) indicates a high probability of exploitation. Currently, there are no known active campaigns targeting this vulnerability, but the public disclosure of a SQL Injection vulnerability significantly increases the risk of exploitation. No KEV listing is present as of this writing.
Exploit Status
EPSS: 0.03% (7th percentile)
CISA SSVC: (not provided)
CVSS Vector: (not provided)
The primary mitigation for CVE-2025-30633 is to immediately upgrade Amazon Native Shopping Recommendations to version 1.3.1 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing temporary workarounds. These might include restricting access to the vulnerable endpoint through a Web Application Firewall (WAF) or proxy server, configuring strict input validation rules to sanitize user-supplied data, and carefully reviewing database permissions to limit the potential impact of a successful attack. Monitor WordPress logs for suspicious SQL queries or unusual database activity. After upgrading, confirm the fix by attempting a SQL Injection attack on the vulnerable endpoint and verifying that it is properly blocked.
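The input-validation workaround above is the same discipline the permanent fix relies on: never let request data shape the SQL string. The following is an added illustration written for this page, not code from the Amazon Native Shopping Recommendations plugin (the advisory does not describe the affected query); the table name, shortcode attribute names and function names are hypothetical. It places the weak concatenation pattern beside the hardened form that binds values through WordPress's own `$wpdb->prepare()`.

```php
<?php
// Added illustration, not code from the Amazon Native Shopping Recommendations plugin.
// Table name, attribute keys and function names are hypothetical.

// Weak pattern: shortcode attributes (request-controlled) are concatenated
// straight into the SQL string, so a quote or comment sequence in either
// attribute changes the structure of the query.
function ansr_example_lookup_unsafe( $atts ) {
    global $wpdb;
    $table = $wpdb->prefix . 'ansr_example_products';
    $sql   = "SELECT asin, title FROM {$table} WHERE category = '"
           . $atts['category'] . "' LIMIT " . $atts['limit'];
    return $wpdb->get_results( $sql );
}

// Hardened pattern: normalise each attribute to the type the query expects,
// then bind it with $wpdb->prepare() so the database sees data, never SQL.
function ansr_example_lookup_safe( $atts ) {
    global $wpdb;
    $atts = shortcode_atts(
        array( 'category' => '', 'limit' => 5 ),
        $atts
    );

    // Strings: strip slashes added by WordPress, then sanitise.
    $category = sanitize_text_field( wp_unslash( $atts['category'] ) );

    // Integers: coerce to a non-negative int and clamp to a sane range,
    // so LIMIT can never receive anything but a bounded number.
    $limit = min( max( absint( $atts['limit'] ), 1 ), 50 );

    // The table name is built from $wpdb->prefix, not from user input;
    // only the user-derived values go through placeholders.
    $table = $wpdb->prefix . 'ansr_example_products';
    $sql   = $wpdb->prepare(
        "SELECT asin, title FROM {$table} WHERE category = %s LIMIT %d",
        $category,
        $limit
    );
    return $wpdb->get_results( $sql );
}
```

`%s` and `%d` are the standard `$wpdb->prepare()` placeholders; `%d` forces an integer, which is why the clamped `$limit` cannot smuggle a string into the `LIMIT` clause. When reviewing a plugin for this class of bug, grep for `$wpdb->query`, `$wpdb->get_results`, `$wpdb->get_var` and `$wpdb->get_row` calls whose first argument is a concatenated or interpolated string rather than the return value of `prepare()`.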
Update the Amazon Native Shopping Recommendations plugin to the latest available version to mitigate the SQL Injection vulnerability. Check the plugin page on WordPress.org for the most recent version and update instructions. Consider implementing additional security measures, such as input validation and SQL query sanitization, to prevent future vulnerabilities.
CVE-2025-30633 is a critical SQL Injection vulnerability affecting AA-Team Amazon Native Shopping Recommendations versions before 1.3.1, allowing attackers to inject malicious SQL code.
You are affected if you are using Amazon Native Shopping Recommendations versions prior to 1.3.1. Check your plugin version and upgrade immediately if necessary.
Upgrade to version 1.3.1 or later. If immediate upgrade isn't possible, implement temporary workarounds like WAF rules and input validation.
While no active campaigns are currently known, the vulnerability's public disclosure increases the risk of exploitation. Continuous monitoring is recommended.
Refer to the AA-Team's official website or WordPress plugin repository for the latest advisory and update information.