PT-2025-54445 · WordPress+1 · Aa-Team Amazon Affiliates Addon For Wpbakery Page Builder+2

Tran Nguyen Bao Khanh

Published

2025-12-31

Updated

2025-12-31

CVE-2025-30628

CVSS v3.1

8.5

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions AA-Team Amazon Affiliates Addon for WPBakery Page Builder versions n/a through 1.2

Description An issue exists in AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) that allows for SQL Injection. This occurs due to improper neutralization of special elements used in an SQL command. The vulnerability enables attackers to inject malicious code.

Recommendations Versions prior to 1.3 need to be updated.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-30628

Affected Products

Aa-Team Amazon Affiliates Addon For Wpbakery Page Builder

Visual Composer

Wpbakery Page Builder

CVE-2025-30628

Weakness Enumeration

Related Identifiers

Affected Products

References · 8