Eniture Technology Small Package Quotes – Worldwide Express Edition
Moderate fix1 remedy
cpe:2.3:a:eniture:small_package_quotes:*:*:*:*:wordpress:*:*, +1 more
Moderate fix1 remedy
- <= 5.2.18
Small Package Quotes WordPress Plugin Unauthenticated SQL Injection Vulnerability
Vulnerability
Patched
A SQL injection vulnerability has been identified in the Small Package Quotes – Worldwide Express Edition plugin for WordPress, affecting all versions through 5.2.18. The vulnerability arises from inadequate escaping of user-supplied parameters in the 'edit_id' and 'dropship_edit_id' fields, allowing unauthenticated attackers to inject additional SQL queries. This exploitation could lead to the extraction of sensitive information from the database.
Impact
Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to access or modify database information. In this case, it could be used to extract sensitive data from the database.
Reproduction
The vulnerability can be reproduced by sending a request to the WordPress site with the 'edit_id' or 'dropship_edit_id' parameters. These parameters can be injected with malicious SQL code that exploits the vulnerability by appending to the existing SQL query. This can be done using a tool like Burp Suite or by manually crafting the request to include the SQL injection payload.
Remediation
Users are advised to update the Small Package Quotes – Worldwide Express Edition plugin to version 5.2.19 or later.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
1.0impact
2.5exploitability
9.3remediation
7.7relevance
0.0threat
4.8urgency
2.9incentive
10.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.