CVE-2025-30523: 
WordPress vulnerability analysis and mitigation

An SQL Injection vulnerability was discovered in Marcel-NL's Super Simple Subscriptions WordPress plugin affecting versions up to 1.1.0. The vulnerability was disclosed on March 24, 2025, and was assigned CVE-2025-30523. This security issue allows authenticated administrators to perform SQL injection attacks against the affected WordPress installations (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) with a CVSS v3.1 base score of 7.6 (HIGH). The attack vector requires high privileges (administrator access) and no user interaction, with the potential for high confidentiality impact and low availability impact (NVD, Patchstack).

The SQL injection vulnerability could allow malicious actors with administrator privileges to directly interact with the database, potentially leading to unauthorized access to sensitive information and data manipulation. The severity is considered high due to the potential for significant data breaches, although the attack requires administrator privileges (Patchstack).

As of the disclosure date, no official fix has been released for this vulnerability. The issue affects all versions up to and including version 1.1.0 of the Super Simple Subscriptions plugin (Patchstack).