CVE-2024-13475
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Feb 12, 2025
Updated: Feb 25, 2025
CWE ID 89
Summary
CVE-2024-13475 is a vulnerability affecting the Small Package Quotes – UPS Edition plugin for WordPress. The issue arises from insufficient escaping of user-supplied data in the 'edit_id' parameter, combined with a lack of preparation of existing SQL queries. This combination creates an SQL Injection vulnerability, allowing unauthenticated attackers to inject additional SQL queries into existing ones. The result is the extraction of sensitive information from the database. Versions up to and including 4.5.16 of this plugin are impacted.