Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-19 CVE-2024-13479 The LTL Freight Quotes – SEFL Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 3.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-02-19 CVE-2024-13481 The LTL Freight Quotes – R+L Carriers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-02-19 CVE-2024-13483 The LTL Freight Quotes – SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-02-19 CVE-2024-13485 The LTL Freight Quotes – ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-02-19 CVE-2024-13491 The Small Package Quotes – For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-02-19 CVE-2024-13533 The Small Package Quotes – USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-02-19 CVE-2024-13534 The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 5.2.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5
2025-02-19 CVE-2025-0916 The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
7.2
7.2
2025-02-19 CVE-2025-0968 The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.0 due to a missing capability checks on the get_megamenu_content() function.
network
low complexity
CWE-284
5.3
5.3
2025-02-19 CVE-2024-13489 The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
CWE-89
7.5
7.5