CVE-2025-0853 is a SQL Injection vulnerability identified in the PGS Core plugin for WordPress, specifically within the 'save_header_builder' function that processes the 'event' parameter. The vulnerability arises due to improper neutralization of special elements in SQL commands (CWE-89), where user-supplied input is insufficiently escaped and the SQL query lacks proper preparation or parameterization. This flaw enables unauthenticated remote attackers to append arbitrary SQL queries to existing database commands, potentially allowing them to extract sensitive information such as user credentials, configuration data, or other confidential records stored in the WordPress database. The vulnerability affects all versions up to and including 5.8.0 of the plugin. The CVSS 3.1 base score is 7.5 (high), reflecting the network attack vector, low attack complexity, no privileges required, no user interaction, and a confidentiality impact without integrity or availability impact. No known public exploits have been reported yet, but the vulnerability's nature and ease of exploitation make it a critical concern for affected sites. The lack of a patch or update at the time of publication necessitates immediate attention from administrators to prevent exploitation.

The primary impact of CVE-2025-0853 is the unauthorized disclosure of sensitive data from the WordPress database, which can include user information, authentication credentials, and site configuration details. This breach of confidentiality can lead to further attacks such as account takeover, privilege escalation, or targeted phishing campaigns. Since the vulnerability does not affect data integrity or availability, it does not directly enable data modification or denial of service. However, the exposure of sensitive data can severely damage organizational reputation, lead to regulatory non-compliance, and cause financial losses. Given that WordPress powers a significant portion of websites globally and PGS Core is a popular plugin, many organizations worldwide could be at risk, especially those that have not updated or mitigated this vulnerability. The ease of exploitation without authentication or user interaction increases the threat level, making automated scanning and exploitation plausible by attackers.

1. Immediately disable the PGS Core plugin if it is not essential to website functionality to prevent exploitation. 2. Monitor official channels from Potenza Global Solutions for security patches or updates addressing this vulnerability and apply them promptly once available. 3. Implement Web Application Firewall (WAF) rules that specifically detect and block SQL injection attempts targeting the 'event' parameter in the 'save_header_builder' function. 4. Employ input validation and sanitization at the application level to reject suspicious or malformed input before it reaches the database layer. 5. Regularly audit and monitor database access logs for unusual queries or patterns indicative of injection attempts. 6. Restrict database user permissions to the minimum necessary to limit the impact of any successful injection. 7. Conduct security awareness training for administrators to recognize signs of compromise and understand the importance of timely patching. 8. Consider deploying runtime application self-protection (RASP) tools that can detect and block injection attacks in real time. These steps go beyond generic advice by focusing on immediate risk reduction and layered defenses until a vendor patch is available.