cleantalk
Vulnerabilities and Security Researches

Small Package Quotes – USPS Edition, CVE-2024-13533

CVE, Research URL

CVE-2024-13533

Home page URL

Security reports for Small Package Quotes – USPS Edition

Application

Small Package Quotes – USPS Edition

Published on
Feb 19, 2025
Research Description
The Small Package Quotes – USPS Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' parameter in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
Min -, max 1.3.6.
Status
vulnerable
Previous vulnerability researches
Small Package Quotes – USPS Edition (CVE-2025-58218) , Aug 30, 2025
Small Package Quotes – USPS Edition (CVE-2024-13533) , Feb 20, 2025
New vulnerability
TablePress – Tables in WordPress made easy (CVE-2025-9500) , Sep 02, 2025
Chatbox Manager (CVE-2025-58211) , Sep 02, 2025
WooCommerce Payment Gateway for Saferpay (CVE-2025-48317) , Sep 02, 2025
iATS Online Forms (CVE-2025-9441) , Sep 02, 2025
Poll, Survey & Quiz Maker Plugin by Opinion Stage (CVE-2025-53328) , Sep 02, 2025