6 matches found
CVE-2025-26918
CVE-2025-26918 is a Reflected XSS in the WordPress plugin Small Package Quotes – Unishippers Edition, affecting versions up to 2.4.9. Connected sources corroborate the vulnerability and list a patch as available in newer releases; exploitation would require a crafted input reflected by a web page...
CVE-2024-13532
CVE-2024-13532 affects the Small Package Quotes – Purolator Edition WordPress plugin (versions
CVE-2024-13475
CVE-2024-13475 affects the WordPress plugin Small Package Quotes – UPS Edition . The vulnerability is an unauthenticated SQL Injection via the parameter named edit_id in all versions up to and including 4.5.16 , caused by insufficient escaping of user input and lack of proper query preparation. A...
CVE-2024-13533
CVE-2024-13533 affects the WordPress plugin Small Package Quotes – USPS Edition, Vulnerable via the edit_id parameter. Versions up to and including 1.3.5 suffer SQL Injection due to insufficient escaping and lack of proper preparation in the SQL query, enabling unauthenticated attackers to append...
CVE-2024-13491
CVE-2024-13491 affects the WordPress plugin Small Package Quotes – For Customers of FedEx . The vulnerability is an SQL Injection in parameters edit_id and dropship_edit_id due to insufficient escaping and inadequate preparation of the SQL query. It affects versions up to and including 4.3.1 and ...
CVE-2024-13534
CVE-2024-13534 affects the WordPress plugin “Small Package Quotes – Worldwide Express Edition.” The issue is an unauthenticated SQL Injection via the edit_id and dropship_edit_id parameters in all versions up to and including 5.2.18, stemming from insufficient escaping and inadequate preparation ...