What is the severity of CVE-2025-27268?

CVE-2025-27268 is categorized as a high-severity SQL Injection vulnerability.

How do I fix CVE-2025-27268?

To fix CVE-2025-27268, upgrade the Small Package Quotes – Worldwide Express Edition to version 5.2.19 or later.

Can CVE-2025-27268 lead to data compromise?

Yes, CVE-2025-27268 can lead to unauthorized access to sensitive data through SQL Injection.

Is CVE-2025-27268 present in older versions of the plugin?

Yes, CVE-2025-27268 is present in all versions up to and including 5.2.18 of the plugin.

Vulnerability/
CVE-2025-27268

critical

9.3

CWE

3/3/2025

CVE-2025-27268: WordPress Small Package Quotes – Worldwide Express Edition Plugin <= 5.2.18 - SQL Injection vulnerability

Q: What is CVE-2025-27268 affecting?

CVE-2025-27268 affects the Small Package Quotes – Worldwide Express Edition plugin from versions n/a through 5.2.18.

First published: Mon Mar 03 2025(Updated: )

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.18.

Credit: audit@patchstack.com

Affected Software	Affected Version	How to fix
WordPress Small Package Quotes Plugin	>=n/a<=5.2.18
WordPress Small Package Quotes – Worldwide Express Edition Plugin	<=5.2.18

Remedy

Update the WordPress Small Package Quotes – Worldwide Express Edition wordpress plugin to the latest available version (at least 5.2.19).

Never miss a vulnerability like this again

Reference Links

https://patchstack.com/database/wordpress/plugin/small-package-quotes-wwe-edition/vulnerability/wordpress-small-package-quotes-worldwide-express-edition-plugin-5-2-18-sql-injection-vulnerability?_s_id=cve

Frequently Asked Questions

What is the severity of CVE-2025-27268?
CVE-2025-27268 is categorized as a high-severity SQL Injection vulnerability.
How do I fix CVE-2025-27268?
To fix CVE-2025-27268, upgrade the Small Package Quotes – Worldwide Express Edition to version 5.2.19 or later.
What is CVE-2025-27268 affecting?
CVE-2025-27268 affects the Small Package Quotes – Worldwide Express Edition plugin from versions n/a through 5.2.18.
Can CVE-2025-27268 lead to data compromise?
Yes, CVE-2025-27268 can lead to unauthorized access to sensitive data through SQL Injection.
Is CVE-2025-27268 present in older versions of the plugin?
Yes, CVE-2025-27268 is present in all versions up to and including 5.2.18 of the plugin.

collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/title
agent/remedy
agent/description
agent/first-publish-date
agent/type
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/last-modified-date
agent/source
agent/tags
agent/event
vendor/eniture technology
canonical/wordpress small package quotes plugin
vendor/wordpress
canonical/wordpress small package quotes – worldwide express edition plugin

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.