First published: Thu Mar 27 2025
Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup allows Stored XSS. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a through 5.25.08.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
EZ SQL Reports Shortcode Widget and DB Backup | <=5.25.08 | |
WordPress Database Backup | <=5.25.08 | Update the WordPress EZ SQL Reports Shortcode Widget and DB Backup plugin to the latest available version (at least 5.25.10). |
The severity of CVE-2025-30787 is classified as high due to its potential for enabling stored cross-site scripting (XSS) attacks.
To fix CVE-2025-30787, update the EZ SQL Reports Shortcode Widget and DB Backup to version 5.25.09 or later.
CVE-2025-30787 affects versions of the EZ SQL Reports Shortcode Widget and DB Backup up to and including 5.25.08.
CVE-2025-30787 can allow attackers to perform cross-site request forgery, potentially leading to stored XSS and compromising user data.
Yes, a patch has been released in version 5.25.09 to address the vulnerability in CVE-2025-30787.