CVE-2025-30604: WordPress JiangQie Official Website Mini Program plugin <= 1.8.2 - SQL Injection Vulnerability
First published: Mon Mar 24 2025(Updated: )
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jiangqie JiangQie Official Website Mini Program allows Blind SQL Injection. This issue affects JiangQie Official Website Mini Program: from n/a through 1.8.2.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <=1.8.2 | ||
| <=1.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-30604?
CVE-2025-30604 is classified as a medium severity vulnerability due to its potential for exploitation through blind SQL injection.
How do I fix CVE-2025-30604?
To fix CVE-2025-30604, upgrade the JiangQie Official Website Mini Program to version 1.8.3 or later.
What types of attacks can CVE-2025-30604 allow?
CVE-2025-30604 allows attackers to perform blind SQL injection attacks, potentially exposing sensitive data.
Which versions of JiangQie Official Website Mini Program are affected by CVE-2025-30604?
CVE-2025-30604 affects all versions of JiangQie Official Website Mini Program up to and including version 1.8.2.
Is CVE-2025-30604 specific to any platforms?
Yes, CVE-2025-30604 specifically affects the JiangQie Official Website Mini Program and its WordPress plugin.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/jiangqie
- vendor/wordpress