Vulnerabilities > Eniture
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-16 | CVE-2025-22284 | Cross-site Scripting vulnerability in Eniture LTL Freight Quotes Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Unishippers Edition allows Reflected XSS. | 6.1 |
| 2025-02-16 | CVE-2025-22289 | Missing Authorization vulnerability in Eniture LTL Freight Quotes Missing Authorization vulnerability in NotFound LTL Freight Quotes – Unishippers Edition allows Exploiting Incorrectly Configured Access Control Security Levels. | 9.8 |
| 2025-02-12 | CVE-2024-13477 | SQL Injection vulnerability in Eniture LTL Freight Quotes The LTL Freight Quotes – Unishippers Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 2.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
| 2025-02-12 | CVE-2024-13480 | SQL Injection vulnerability in Eniture LTL Freight Quotes The LTL Freight Quotes – For Customers of FedEx Freight plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.4.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-02-12 | CVE-2024-13532 | SQL Injection vulnerability in Eniture Small Package Quotes The Small Package Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-02-12 | CVE-2024-13473 | SQL Injection vulnerability in Eniture LTL Freight Quotes The LTL Freight Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameter in all versions up to, and including, 5.0.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-02-12 | CVE-2024-13475 | SQL Injection vulnerability in Eniture Small Package Quotes The Small Package Quotes – UPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 4.5.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2025-02-12 | CVE-2024-13490 | SQL Injection vulnerability in Eniture LTL Freight Quotes The LTL Freight Quotes – XPO Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 4.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |