GCVE - cpe:2.3:a:enituretechnology:small_package_quotes_–_worldwide_express

Approved changes feed: RSS · Atom

cpe:2.3:a:enituretechnology:small_package_quotes_–_worldwide_express_edition:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Enituretechnology (`86c8c1a1-4b5e-5497-9fe2-59a40ac10589`)
Product	Small Package Quotes – Worldwide Express Edition (`65e614de-0d8d-5c07-bb45-bd5ffd2bda25`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-31078`	vulnerable	2026-06-03 15:00:30.165776	WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.18 - Reflected Cross Site Scripting (XSS) vulnerability HIGH (7.1) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows Reflected XSS.This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through <= 5.2.18. Published: 2025-04-01T20:58:08.419Z Updated: 2026-04-28T16:12:04.854Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/small-package-quotes-wwe-edition/vulnerability/wordpress-small-package-quotes-worldwide-express-edition-plugin-5-2-18-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-30915`	vulnerable	2026-06-03 15:00:29.830070	WordPress Small Package Quotes – Worldwide Express Edition plugin <= 5.2.19 - Broken Access Control vulnerability MEDIUM (6.5) Missing Authorization vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through <= 5.2.19. Published: 2025-04-03T13:27:09.004Z Updated: 2026-04-28T16:12:00.327Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/small-package-quotes-wwe-edition/vulnerability/wordpress-small-package-quotes-worldwide-express-edition-plugin-5-2-19-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-27268`	vulnerable	2026-06-03 15:00:11.984209	WordPress Small Package Quotes – Worldwide Express Edition Plugin <= 5.2.18 - SQL Injection vulnerability CRITICAL (9.3) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows SQL Injection.This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through <= 5.2.18. Published: 2025-03-03T13:30:29.790Z Updated: 2026-04-28T16:11:46.670Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/small-package-quotes-wwe-edition/vulnerability/wordpress-small-package-quotes-worldwide-express-edition-plugin-5-2-18-sql-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-24667`	vulnerable	2026-06-03 14:59:56.581612	WordPress Small Package Quotes Plugin <= 5.2.17 - SQL Injection vulnerability CRITICAL (9.3) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition small-package-quotes-wwe-edition allows SQL Injection.This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through <= 5.2.17. Published: 2025-01-27T14:22:17.046Z Updated: 2026-04-28T16:11:31.706Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/small-package-quotes-wwe-edition/vulnerability/wordpress-small-package-quotes-plugin-5-2-17-sql-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-13534`	vulnerable	2026-06-03 14:54:24.862011	Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Unauthenticated SQL Injection HIGH (7.5) The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 5.2.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. CVE-2025-27268 is likely a duplicate of this issue. Published: 2025-02-19T11:10:42.112Z Updated: 2026-04-08T17:32:11.697Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/f0235347-75ef-458e-97ec-bb9b00e1f9de?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3241919%40small-package-quotes-wwe-edition&new=3241919%40small-package-quotes-wwe-edition&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Small Package Quotes – Worldwide Express Edition

PURL mappings

Vulnerability references

Contribute