CVE-2025-30590: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2025-30590) is an SQL Injection vulnerability discovered in Dourou Flickr set slideshows plugin affecting versions up to 0.9. The vulnerability was disclosed on March 24, 2025, and allows authenticated users with Contributor or higher privileges to perform SQL injection attacks (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) with a CVSS v3.1 base score of 8.5 (HIGH). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and no user interaction (UI:N). The scope is changed (S:C) with high confidentiality impact (C:H), no integrity impact (I:N), and low availability impact (A:L) (NVD).

The SQL injection vulnerability could allow malicious actors to directly interact with the database, potentially leading to unauthorized access to sensitive information and data theft. The high CVSS score indicates significant potential impact, particularly concerning data confidentiality (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The issue affects versions up to 0.9 of the Flickr set slideshows plugin (Patchstack).