CVE-2025-30628
📋 TL;DR
This SQL injection vulnerability in the AA-Team Amazon Affiliates Addon for WPBakery Page Builder allows attackers to execute arbitrary SQL commands through the plugin. It affects WordPress sites using this plugin version 1.2 or earlier. Successful exploitation could lead to database compromise and data theft.
💻 Affected Systems
- AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise allowing data exfiltration, privilege escalation, and potential remote code execution via database functions.
Likely Case
Data theft including user credentials, sensitive content, and plugin/theme configuration data.
If Mitigated
Limited impact if proper input validation and prepared statements are implemented, with database permissions restricted.
🎯 Exploit Status
SQL injection vulnerabilities typically have low exploitation complexity once the injection point is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.1 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Amazon Affiliates Addon for WPBakery Page Builder'. 4. Click 'Update Now' if available. 5. If no update appears, download version 1.2.1+ from WordPress repository and manually update.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily disable the plugin until patched
wp plugin deactivate azon-addon-js-composer
Web Application Firewall (WAF)
allImplement WAF rules to block SQL injection patterns
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries in custom code
- Restrict database user permissions to minimum required operations
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for 'Amazon Affiliates Addon for WPBakery Page Builder' version 1.2 or earlierCheck Version:
wp plugin list --name='azon-addon-js-composer' --field=versionVerify Fix Applied:
Verify plugin version is 1.2.1 or later in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed login attempts from single IP
- Unexpected database errors in WordPress debug logs
Network Indicators:
- HTTP requests with SQL keywords in parameters
- Unusual outbound database connections
SIEM Query:
source="web_server" AND ("SELECT" OR "UNION" OR "INSERT" OR "UPDATE" OR "DELETE") AND uri_path="/wp-admin/admin-ajax.php"