Cross-Site Request Forgery Vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup
CVE-2025-30787

7.1 HIGH

Key Information:

Vendor: Eli
CVE Published: 27 March 2025

What is CVE-2025-30787?

A Cross-Site Request Forgery (CSRF) vulnerability in the Eli EZ SQL Reports Shortcode Widget and DB Backup plugin can cause unintended actions to be executed on behalf of authenticated users. The flaw lets attackers exploit the application's trust in those users, potentially resulting in stored cross-site scripting (XSS). It affects plugin version 5.25.08 and earlier; users should ensure their installations are updated to the latest version to mitigate this risk.

Affected Version(s)

EZ SQL Reports Shortcode Widget and DB Backup: versions 0 through 5.25.08 (inclusive)

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nabil Irawan (Patchstack Alliance)