{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24667", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-01-23T14:51:57.435Z", "datePublished": "2025-01-27T14:22:17.046Z", "dateUpdated": "2025-02-12T20:41:35.484Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-01-27T14:22:17.046Z"}, "title": "WordPress Small Package Quotes Plugin <= 5.2.17 - SQL Injection vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "affected": [{"vendor": "Eniture Technology", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "small-package-quotes-wwe-edition", "product": "Small Package Quotes \u2013 Worldwide Express Edition", "versions": [{"lessThanOrEqual": "5.2.17", "status": "affected", "version": "n/a", "versionType": "custom", "changes": [{"at": "5.2.18", "status": "unaffected"}]}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes \u2013 Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes \u2013 Worldwide Express Edition: from n/a through 5.2.17.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes \u2013 Worldwide Express Edition allows SQL Injection.</p><p>This issue affects Small Package Quotes \u2013 Worldwide Express Edition: from n/a through 5.2.17.</p>"}]}], "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/small-package-quotes-wwe-edition/vulnerability/wordpress-small-package-quotes-plugin-5-2-17-sql-injection-vulnerability?_s_id=cve"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 9.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "baseSeverity": "CRITICAL", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "version": "3.1"}}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the WordPress Small Package Quotes \u2013 Worldwide Express Edition wordpress plugin to the latest available version (at least 5.2.18)."}], "value": "Update the WordPress Small Package Quotes \u2013 Worldwide Express Edition wordpress plugin to the latest available version (at least 5.2.18)."}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Colin Xu (Patchstack Alliance)"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24667", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-27T15:36:51.330591Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:41:35.484Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes \u2013 Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes \u2013 Worldwide Express Edition: from n/a through 5.2.17."}], "id": "CVE-2025-24667", "lastModified": "2025-01-27T15:15:15.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-01-27T15:15:15.563", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/wordpress/plugin/small-package-quotes-wwe-edition/vulnerability/wordpress-small-package-quotes-plugin-5-2-17-sql-injection-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{}