CVE-2025-30879: 
WordPress vulnerability analysis and mitigation

An SQL Injection vulnerability (CVE-2025-30879) was discovered in moreconvert MC Woocommerce Wishlist plugin affecting versions through 1.8.9. The vulnerability was reported by Phan Trong Quan from VNPT Cyber Immunity and disclosed on March 27, 2025. This security flaw allows SQL Injection attacks in the MC Woocommerce Wishlist WordPress plugin (Patchstack).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command (CWE-89). It received a CVSS v3.1 Base Score of 7.6 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L. The vulnerability requires administrator privileges to exploit (Patchstack).

This vulnerability could allow a malicious actor to directly interact with the database, potentially leading to unauthorized access to sensitive information. The high CVSS score indicates significant potential impact, particularly concerning data confidentiality (Patchstack).

The vulnerability has been fixed in version 1.9.0 of the MC Woocommerce Wishlist plugin. Users are advised to update to version 1.9.0 or later to remove the vulnerability. Patchstack users can enable auto-update functionality for vulnerable plugins (Patchstack).