CVE-2025-30979

Vulnerability

Overview

The Pixelating image slideshow gallery WordPress plugin, versions up to and including 8.0, contains a SQL Injection vulnerability. The root cause is improper neutralization of special elements used in an SQL command, meaning user-supplied input is not properly sanitized before being incorporated into database queries [1].

Exploitation

Conditions

This vulnerability can be exploited without authentication, making it accessible to any remote attacker. The attack vector is network-based, and no privileged access is required. The low complexity of exploitation increases the risk that this flaw will be targeted in automated mass-exploit campaigns [1].

Impact

Successful exploitation could allow an attacker to directly interact with the underlying database. This could lead to information theft, modification or deletion of data, and other malicious actions that compromise the confidentiality and integrity of the affected WordPress site [1].

Mitigation

Users are strongly advised to update the plugin to a patched version immediately. If an update is not available, administrators should consider temporarily disabling the plugin and consult with their hosting provider or web developer for alternative mitigations [1].