SQL Injection Vulnerability in Gopiplus Cool Fade Popup by Gopiplus
CVE-2025-30947

8.5HIGH

Key Information:

Vendor: WordPress
Status: Cool Fade Popup
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-30947?

The Gopiplus Cool Fade Popup is susceptible to SQL injection due to improper neutralization of special elements within SQL commands. This vulnerability permits attackers to execute untrusted SQL commands and potentially retrieve sensitive data from the database. Affected versions range from n/a through 10.1, making it critical for users to update their plugins to mitigate this security risk.

Affected Version(s)

Cool fade popup <= 10.1

References

https://patchstack.com/database/wordpress/plugin/cool-fad...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Peter Thaleikis (Patchstack Alliance)