CVE-2025-30633 PUBLISHED

WordPress Amazon Native Shopping Recommendations Plugin <= 1.3 - SQL Injection Vulnerability

Assigner: Patchstack
Reserved: 24.03.2025 Published: 05.01.2026 Updated: 05.01.2026

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection.This issue affects Amazon Native Shopping Recommendations: from n/a through 1.3.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
CVSS Score: 9.3

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	AA-Team
Product	Amazon Native Shopping Recommendations
Versions	Default: unaffected affected from n/a to 1.3 (incl.)

Credits

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program finder

References

https://vdp.patchstack.com/database/wordpress/plugin/woozone-contextual/vulnerability/wordpress-amazon-native-shopping-recommendations-plugin-1-3-sql-injection-vulnerability?_s_id=cve

Problem Types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE

Impacts

CAPEC-66 SQL Injection