SQL Injection Vulnerability in Amazon Affiliates Addon for WPBakery Page Builder
CVE-2025-30628

8.5HIGH

Key Information:

Vendor: WordPress
Status: Amazon Affiliates Addon For WPbakery Page Builder (formerly Visual Composer)
Vendor: CVE Published:; 31 December 2025

What is CVE-2025-30628?

An SQL Injection vulnerability has been identified in the Amazon Affiliates Addon for WPBakery Page Builder, which allows attackers to manipulate SQL queries. This can potentially lead to unauthorized access to sensitive data or other malicious activities on affected installations. Users of the Amazon Affiliates Addon from version n/a through 1.2 are advised to ensure their installations are updated to secure against this vulnerability.

Affected Version(s)

Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) <= 1.2

References

https://vdp.patchstack.com/database/wordpress/plugin/azon...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 31, 2025
Vulnerability Reserved
Mar 24, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program

JSON