cbcvebase.

Eniture Small Package Quotes vulnerabilities

6 known vulnerabilities affecting eniture/small_package_quotes.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2024-13533P3HIGHCVSS 7.5fixed in 1.3.62025-02-19
CVE-2024-13533 [HIGH] CWE-89 CVE-2024-13533: The Small Package Quotes – USPS Edition plugin for WordPress is vulnerable to SQL Injection via the The Small Package Quotes – USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additi
nvd
CVE-2024-13475P3HIGHCVSS 7.5fixed in 4.5.172025-02-12
CVE-2024-13475 [HIGH] CWE-89 CVE-2024-13475: The Small Package Quotes – UPS Edition plugin for WordPress is vulnerable to SQL Injection via the ' The Small Package Quotes – UPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 4.5.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append addit
nvd
CVE-2024-13491P3HIGHCVSS 7.5fixed in 4.3.22025-02-19
CVE-2024-13491 [HIGH] CWE-89 CVE-2024-13491: The Small Package Quotes – For Customers of FedEx plugin for WordPress is vulnerable to SQL Injectio The Small Package Quotes – For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthe
nvd
CVE-2024-13534P3HIGHCVSS 7.5fixed in 5.2.192025-02-19
CVE-2024-13534 [HIGH] CWE-89 CVE-2024-13534: The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injec The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 5.2.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for una
nvd
CVE-2024-13532P3HIGHCVSS 7.5fixed in 3.6.52025-02-12
CVE-2024-13532 [HIGH] CWE-89 CVE-2024-13532: The Small Package Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via The Small Package Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthentica
nvd
CVE-2025-26918P4MEDIUMCVSS 6.1fixed in 2.4.102025-03-03
CVE-2025-26918 [MEDIUM] CWE-79 CVE-2025-26918: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Unishippers Edition small-package-quotes-unishippers-edition allows Reflected XSS.This issue affects Small Package Quotes – Unishippers Edition: from n/a through <= 2.4.9.
nvd
Eniture Small Package Quotes vulnerabilities | cvebase