3 matches found
CVE-2024-13475
creationtimestamp| type| source ---|---|--- 2025-02-12 09:58:16+00:00| seen| https://infosec.exchange/users/cve/statuses/113990323144317416 2025-02-12 10:16:04+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxwxdskd32a 2025-02-12 11:11:09+00:00| seen|...
CVE-2024-13475
CVE-2024-13475 affects the WordPress plugin Small Package Quotes – UPS Edition . The vulnerability is an unauthenticated SQL Injection via the parameter named edit_id in all versions up to and including 4.5.16 , caused by insufficient escaping of user input and lack of proper query preparation. A...
CVE-2024-13475 Small Package Quotes – UPS Edition <= 4.5.16 - Unauthenticated SQL Injection
The Small Package Quotes – UPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'editid' parameter in all versions up to, and including, 4.5.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...