Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-19 | CVE-2024-13483 | SQL Injection vulnerability in Eniture LTL Freight Quotes The LTL Freight Quotes – SAIA Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 2.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-02-19 | CVE-2024-13485 | SQL Injection vulnerability in Eniture LTL Freight Quotes The LTL Freight Quotes – ABF Freight Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-02-19 | CVE-2024-13491 | SQL Injection vulnerability in Eniture Small Package Quotes The Small Package Quotes – For Customers of FedEx plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-02-19 | CVE-2024-13533 | SQL Injection vulnerability in Eniture Small Package Quotes The Small Package Quotes – USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-02-19 | CVE-2024-13534 | SQL Injection vulnerability in Eniture Small Package Quotes The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 5.2.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-02-19 | CVE-2024-13489 | SQL Injection vulnerability in Eniture LTL Freight Quotes The LTL Freight Quotes – Old Dominion Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-02-19 | CVE-2025-1132 | SQL Injection vulnerability in Churchcrm A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter. | 8.8 |
| 2025-02-19 | CVE-2025-1133 | SQL Injection vulnerability in Churchcrm A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees functionality. | 7.2 |
| 2025-02-19 | CVE-2025-1134 | SQL Injection vulnerability in Churchcrm A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the DonatedItemEditor functionality. | 7.2 |
| 2025-02-19 | CVE-2025-1135 | SQL Injection vulnerability in Churchcrm A vulnerability exists in ChurchCRM 5.13.0. | 7.2 |