Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection. This issue affects Amazon Native Shopping Recommendations: from n/a through 1.3.
Published: 2026-01-05
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper neutralization of special elements used in an SQL command allows attackers to inject arbitrary SQL via the Amazon Native Shopping Recommendations plugin. This flaw can enable reading, modifying, or deleting database records, potentially exposing sensitive information such as user data, orders, or site configuration. The vulnerability aligns with CWE‑89 and can be leveraged to run SQL statements against the WordPress database through externally supplied input that the plugin processes.

Affected Systems

WordPress installations that employ the AA‑Team Amazon Native Shopping Recommendations plugin, specifically any version up to and including 1.3. Sites that rely on this plugin for product recommendations are at risk if the plugin remains at an affected version.

Risk and Exploitability

The CVSS score of 9.3 rates this flaw as Critical. The EPSS score of less than 1% indicates a low estimated probability of exploitation in the near term, and the vulnerability is not listed in the CISA KEV catalog, indicating no confirmed exploitation in the wild. However, the attack vector is likely a web‑based request that the plugin accepts, and because the plugin may be used by many WordPress sites, the potential for successful exploitation remains significant if any user input is incorporated into SQL queries.

Generated by OpenCVE AI on April 30, 2026 at 14:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Amazon Native Shopping Recommendations plugin to the latest release that incorporates the SQL‑injection fix.
  • If an upgrade is not possible, disable or remove the plugin until a patched version is available.
  • Limit the database user permissions to only the roles required for WordPress operation, ensuring the plugin cannot use higher‑level privileges than necessary.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:45:00 +0000


Tue, 28 Apr 2026 18:30:00 +0000

Type: Description
Values Removed: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations woozone-contextual allows SQL Injection.This issue affects Amazon Native Shopping Recommendations: from n/a through <= 1.3.
Values Added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection.This issue affects Amazon Native Shopping Recommendations: from n/a through 1.3.
Type: References

Thu, 23 Apr 2026 15:30:00 +0000


Thu, 23 Apr 2026 15:00:00 +0000

Type: Description
Values Removed: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection.This issue affects Amazon Native Shopping Recommendations: from n/a through 1.3.
Values Added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations woozone-contextual allows SQL Injection.This issue affects Amazon Native Shopping Recommendations: from n/a through <= 1.3.
Type: References

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Tue, 06 Jan 2026 14:30:00 +0000

Type: First Time appeared
Values Added: Wordpress; Wordpress wordpress
Type: Vendors & Products
Values Added: Wordpress; Wordpress wordpress

Tue, 06 Jan 2026 00:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 05 Jan 2026 10:45:00 +0000

Type: Description
Values Added: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Native Shopping Recommendations allows SQL Injection.This issue affects Amazon Native Shopping Recommendations: from n/a through 1.3.
Type: Title
Values Added: WordPress Amazon Native Shopping Recommendations Plugin <= 1.3 - SQL Injection Vulnerability
Type: Weaknesses
Values Added: CWE-89
Type: References
Type: Metrics
Values Added: cvssV3_1 {'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:56.715Z

Reserved: 2025-03-24T13:01:06.202Z

Link: CVE-2025-30633

Vulnrichment

Updated: 2026-01-05T19:49:40.489Z

NVD

Status: Deferred

Published: 2026-01-05T11:17:40.183

Modified: 2026-04-28T19:30:21.440

Link: CVE-2025-30633

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T14:30:06Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')