CVE-2025-24667

{"id": "CVE-2025-24667", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 3.9}]}, "published": "2025-01-27T15:15:15.563", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/small-package-quotes-wwe-edition/vulnerability/wordpress-small-package-quotes-plugin-5-2-17-sql-injection-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes \u2013 Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes \u2013 Worldwide Express Edition: from n/a through 5.2.17."}], "lastModified": "2025-01-27T15:15:15.563", "sourceIdentifier": "audit@patchstack.com"}