CVE-2025-0853: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Potenza Global Solutions PGS Core

High
Published: Tue May 06 2025 (05/06/2025, 21:22:23 UTC)
Source: CVE
Vendor/Project: Potenza Global Solutions
Product: PGS Core

Description

The PGS Core plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'save_header_builder' function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

AI-Powered Analysis

Last updated: 07/05/2025, 15:12:02 UTC

Technical Analysis

CVE-2025-0853 is a high-severity SQL Injection vulnerability affecting the PGS Core plugin for WordPress, developed by Potenza Global Solutions. The vulnerability exists in all versions up to and including 5.8.0, specifically within the 'save_header_builder' function. The flaw arises due to improper neutralization of special elements in the 'event' parameter, which is user-supplied and insufficiently escaped. This lack of proper input sanitization and query preparation allows unauthenticated attackers to inject arbitrary SQL commands appended to existing queries. Consequently, attackers can extract sensitive information from the underlying database without requiring authentication or user interaction. The vulnerability is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), indicating a classic SQL injection scenario. The CVSS v3.1 base score is 7.5 (high), reflecting the network attack vector, low attack complexity, no privileges required, no user interaction, and a significant confidentiality impact, while integrity and availability remain unaffected. No known exploits are currently reported in the wild, but the vulnerability's nature and ease of exploitation make it a critical concern for WordPress sites using this plugin. The absence of a patch at the time of disclosure further elevates the risk for affected installations.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those relying on WordPress websites with the PGS Core plugin installed. Exploitation can lead to unauthorized disclosure of sensitive data stored in the website's database, such as user credentials, personal data, or business-critical information. This breach of confidentiality could result in regulatory non-compliance under GDPR, leading to legal penalties and reputational damage. Additionally, data leakage could facilitate further attacks like phishing or identity theft. Since the vulnerability requires no authentication or user interaction, attackers can remotely exploit it at scale, increasing the threat surface. E-commerce, government, healthcare, and financial sectors in Europe, which often use WordPress for their web presence, are particularly vulnerable. The lack of integrity or availability impact reduces the risk of defacement or denial of service but does not diminish the severity of data exposure. The vulnerability's presence in a widely used CMS plugin amplifies the potential for widespread exploitation across European organizations.

Mitigation Recommendations

Immediate mitigation should focus on updating the PGS Core plugin to a version that addresses this vulnerability once available. Until a patch is released, organizations should implement Web Application Firewall (WAF) rules to detect and block suspicious SQL injection patterns targeting the 'event' parameter in the 'save_header_builder' function. Employing input validation and sanitization at the application layer can help reduce risk. Restricting database user permissions to the minimum necessary can limit data exposure if exploitation occurs. Regularly monitoring web server and application logs for unusual query patterns or error messages related to SQL injection attempts is critical. Organizations should also conduct security audits of their WordPress installations and plugins to identify and remediate similar vulnerabilities proactively. Finally, maintaining regular backups of website data ensures recovery capability in case of compromise.
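The log-monitoring and WAF-style check recommended above, sketched as an added example; it is not code from the PGS Core plugin or from this advisory's source. It assumes request parameters are captured as one form-encoded string per line (for instance from a WAF audit log) and that legitimate 'event' values are short identifiers; the sample lines, the allowlist pattern and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Assumption: legitimate 'event' values are short identifiers; tune to what the site sends.
SAFE_EVENT = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Characters and keywords that do not belong in an identifier but are typical of SQL injection probes.
SQL_MARKERS = re.compile(
    r"['\"`;]|--|/\*|#|\b(union|select|sleep|benchmark|information_schema)\b",
    re.IGNORECASE,
)

def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding so that %2527 and %27 both end up as a quote."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_event(raw_value):
    """Return 'ok', 'unexpected' (fails the allowlist) or 'sqli' (also carries SQL markers)."""
    value = fully_decode(raw_value)
    if SAFE_EVENT.fullmatch(value):
        return "ok"
    return "sqli" if SQL_MARKERS.search(value) else "unexpected"

def scan(lines):
    """Return (line_number, verdict, decoded_value) for every 'event' value that is not 'ok'."""
    findings = []
    for number, line in enumerate(lines, start=1):
        # parse_qsl performs the first round of URL-decoding; blank values are kept for inspection.
        for key, raw in parse_qsl(line.strip(), keep_blank_values=True):
            if key == "event" and classify_event(raw) != "ok":
                findings.append((number, classify_event(raw), fully_decode(raw)))
    return findings

# Constructed sample input: one captured parameter string per line.
SAMPLE = [
    "event=save&id=3",
    "event=x%27%20OR%20%271%27%3D%271&id=3",
    "event=x%2527%2520OR%25201%253D1",   # double URL-encoded
    "event=save%20header",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The allowlist decides what is accepted; the marker pattern only separates likely injection probes from merely malformed values, so triage can prioritise the former.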


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-01-29T18:22:52.689Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d981bc4522896dcbd9bad

Added to database: 5/21/2025, 9:08:43 AM

Last enriched: 7/5/2025, 3:12:02 PM

Last updated: 7/30/2025, 5:28:43 AM
