CVE-2025-30998: 
WordPress vulnerability analysis and mitigation

A SQL Injection vulnerability was discovered in the WP Links Page WordPress plugin versions 4.9.6 and earlier. The vulnerability was identified on July 22, 2025, and assigned CVE-2025-30998. This security flaw affects WordPress installations with the WP Links Page plugin installed and requires an authenticated user with at least Subscriber privileges to exploit (Patchstack, Wordfence).

The vulnerability has been assigned a CVSS score of 8.5 (High), indicating its severe nature. It is classified as a SQL Injection vulnerability, which falls under the OWASP Top 10 category A3: Injection. The flaw requires an authenticated user with at least Subscriber-level privileges to exploit (Patchstack).

This vulnerability could allow malicious actors to directly interact with the website's database, potentially leading to unauthorized access to sensitive information, data manipulation, and possible database compromise. The high CVSS score indicates that this vulnerability is considered highly dangerous and is expected to become mass exploited (Patchstack).

Currently, there is no official patch available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement the virtual patch immediately or consider temporarily disabling the plugin if possible (Patchstack).