The vulnerability CVE-2025-30528 affects the wpshopee Awesome Logos plugin (version <= 1.2) and involves a Cross-Site Request Forgery (CSRF) that enables SQL Injection attacks. This means an attacker can trick an authenticated user into executing unintended SQL commands on the backend database without proper authorization or user interaction safeguards. The CVSS score of 9.3 indicates a critical severity with network attack vector, low attack complexity, no privileges required, no user interaction, and a scope change. The impact is high confidentiality loss and low availability impact. No vendor advisory or patch information is currently available.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL commands on the affected system's database via CSRF, potentially leading to unauthorized data disclosure (high confidentiality impact) and minor disruption of service (low availability impact). The lack of required privileges and user interaction increases the risk of exploitation. However, no known exploits in the wild have been reported at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or removing the affected plugin version or implementing web application firewall (WAF) rules to block CSRF attempts targeting this plugin. Monitor vendor channels for updates and apply patches promptly once released.