7.5
CVE-2024-13534 - Small Package Quotes β Worldwide Express Edition <= 5.2.18 - Unauthenticated SQL Injection
The Small Package Quotes β Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 5.2.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation onβ¦
7.5
CVE-2024-13533 - Small Package Quotes β USPS Edition <= 1.3.5 - Unauthenticated SQL Injection
The Small Package Quotes β USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes iβ¦
7.5
CVE-2024-13483 - LTL Freight Quotes β SAIA Edition <= 2.2.10 - Unauthenticated SQL Injection
The LTL Freight Quotes β SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing Sβ¦
7.5
CVE-2024-13491 - Small Package Quotes β For Customers of FedEx <= 4.3.1 - Unauthenticated SQL Injection
The Small Package Quotes β For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on theβ¦
7.5
CVE-2024-13481 - LTL Freight Quotes β R+L Carriers Edition <= 3.3.4 - Unauthenticated SQL Injection
The LTL Freight Quotes β R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exiβ¦
7.5
CVE-2024-13485 - LTL Freight Quotes β ABF Freight Edition <= 3.3.7 - Unauthenticated SQL Injection
The LTL Freight Quotes β ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exisβ¦
7.5
CVE-2024-13479 - LTL Freight Quotes β SEFL Edition <= 3.2.4 - Unauthenticated SQL Injection
The LTL Freight Quotes β SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQβ¦
5.3
CVE-2025-0968 - ElementsKit Elementor addons <= 3.4.0 - Unauthenticated Information Exposure via get_megamenu_conteβ¦
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function. This makes it possible for unauthenticated attackers to view any item createdβ¦
7.5
CVE-2024-13478 - LTL Freight Quotes β TForce Edition <= 3.6.4 - Unauthenticated SQL Injection
The LTL Freight Quotes β TForce Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing β¦
7.2
CVE-2025-0916 - YaySMTP 2.4.9 - 2.6.2 - Unauthenticated Stored Cross-Site Scripting
The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated β¦