CVE-2025-30788: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the EZ SQL Reports Shortcode Widget and DB Backup WordPress plugin, affecting versions through 5.25.08. The vulnerability was discovered and reported on March 7, 2025, and publicly disclosed on March 27, 2025. This security issue allows SQL Injection attacks through CSRF exploitation (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 8.2 (HIGH), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery). The technical nature of the vulnerability involves a CSRF condition that can be leveraged to perform SQL injection attacks, potentially compromising the security of the database (Patchstack).

The vulnerability allows unauthenticated attackers to force higher privileged users to execute unwanted actions under their current authentication. This could potentially lead to unauthorized database access and manipulation through SQL injection attacks (Patchstack).

Users are advised to update to version 5.25.10 or later, which contains the fix for this vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).