CVE-2025-30784: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2025-30784) is an SQL Injection vulnerability affecting WP Subscription Forms WordPress plugin versions through 1.2.3. The vulnerability was discovered by researcher LVT-tholv2k and was publicly disclosed on March 27, 2025. This security issue allows authenticated users with Contributor-level access or higher to perform SQL injection attacks against the affected WordPress installations (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command (CWE-89). It has received a CVSS v3.1 Base Score of 8.5 HIGH with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L. The vulnerability requires authenticated access with Contributor-level privileges or higher to exploit (Patchstack).

If exploited, this SQL injection vulnerability could allow malicious actors to directly interact with the database, potentially leading to unauthorized access to sensitive information. The vulnerability has been rated with a high confidentiality impact and low availability impact (Patchstack).

The vulnerability has been fixed in version 1.2.4 of the WP Subscription Forms plugin. Users are advised to update to this version or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins as an additional security measure (Patchstack).