AA-Team Amazon Native Shopping Recommendations CVE-2025-30633
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
3DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection.This issue affects Amazon Native Shopping Recommendations: from n/a through 1.3.
AnalysisAI
Amazon Native Shopping Recommendations WordPress plugin (through 1.3) contains SQL injection that allows unauthenticated attackers to extract database contents with scope change. Abandoned plugin with no expected patch.
Technical ContextAI
The plugin fails to parameterize user input in SQL queries (CWE-89). The scope change (S:C) indicates the attacker can impact resources beyond the vulnerable component, potentially accessing the entire WordPress database including user credentials and other plugins' data.
Affected ProductsAI
Amazon Native Shopping Recommendations WordPress plugin through 1.3
RemediationAI
Remove this plugin immediately – it appears abandoned with no patch expected. Audit database for signs of extraction. Reset all user passwords.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today