Which Small Package Quotes – Worldwide Express Edition CVEs are tracked?

Small Package Quotes – Worldwide Express Edition tracked CVEs include CVE-2025-27268, CVE-2024-13534, CVE-2025-24667, CVE-2025-31078, and CVE-2025-30915.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 5 known issues Latest disclosed Apr 03, 2025

Small Package Quotes – Worldwide Express Edition Vulnerabilities

Q: How many Small Package Quotes – Worldwide Express Edition vulnerabilities have patch guidance?

5 of 5 tracked Small Package Quotes – Worldwide Express Edition records include a published patch path.

Review known vulnerability records for the WordPress plugin Small Package Quotes – Worldwide Express Edition (`small-package-quotes-wwe-edition`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-30915, CVE-2025-31078 and CVE-2025-27268, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Apr 15, 2026

Priority CVE Quick Links

Fast paths into Small Package Quotes – Worldwide Express Edition CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2025-27268 High 5.2.19

CVE-2025-27268 Small Package Quotes – Worldwide Express Edition SQL Injection

Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Unauthenticated SQL Injection

CVE-2024-13534 High 5.2.19

CVE-2024-13534 Small Package Quotes – Worldwide Express Edition SQL Injection

Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Unauthenticated SQL Injection

CVE-2025-24667 High 5.2.18

CVE-2025-24667 Small Package Quotes – Worldwide Express Edition SQL Injection

Small Package Quotes – Worldwide Express Edition <= 5.2.17 - Unauthenticated SQL Injection

CVE-2025-31078 Medium 5.2.19

CVE-2025-31078 Small Package Quotes – Worldwide Express Edition Cross-Site Scripting

Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Reflected Cross-Site Scripting

CVE-2025-30915 Medium 5.2.20

CVE-2025-30915 Small Package Quotes – Worldwide Express Edition Vulnerability

Small Package Quotes – Worldwide Express Edition <= 5.2.19 - Missing Authorization

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Small Package Quotes – Worldwide Express Edition so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

5 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

0 critical and 3 high severity findings.

Recent CVEs

CVE-2025-30915, CVE-2025-31078 and CVE-2025-27268

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2025-30915 Medium Patch path listed

CVE-2025-30915: Small Package Quotes – Worldwide Express Edition <= 5.2.19 - Missing Authorization

The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and incl...

Published

Apr 03, 2025

Patch Status

5.2.20

Open CVE-2025-30915 Report

CVE-2025-31078 Medium Patch path listed

CVE-2025-31078: Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Reflected Cross-Site Scripting

The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.2.18 due to insufficient input s...

Published

Apr 01, 2025

Patch Status

5.2.19

Open CVE-2025-31078 Report

CVE-2025-27268 High Patch path listed

CVE-2025-27268: Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Unauthenticated SQL Injection

The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.2.18 due to insufficient escaping on the user sup...

Published

Feb 21, 2025

Patch Status

5.2.19

Open CVE-2025-27268 Report

Known Vulnerabilities

Reports for Small Package Quotes – Worldwide Express Edition

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-30915

CVE-2025-30915: Small Package Quotes – Worldwide Express Edition <= 5.2.19 - Missing Authorization

The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 5.2.19. This makes it possible for unauthenticated attackers to perform an unauthor...

Published

Apr 03, 2025

Patched Release

5.2.20

Affected Versions

Versions up to 5.2.19

Next Step

Update to 5.2.20 or newer if supported.

Open CVE-2025-30915 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-31078

CVE-2025-31078: Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Reflected Cross-Site Scripting

The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to i...

Published

Apr 01, 2025

Patched Release

5.2.19

Affected Versions

Versions up to 5.2.18

Next Step

Update to 5.2.19 or newer if supported.

Open CVE-2025-31078 Report Open CVE Reference

Plugin High Patched: Yes CVE-2025-27268

CVE-2025-27268: Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Unauthenticated SQL Injection

The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.2.18 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

Published

Feb 21, 2025

Patched Release

5.2.19

Affected Versions

Versions up to 5.2.18

Next Step

Update to 5.2.19 or newer if supported.

Open CVE-2025-27268 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-13534

CVE-2024-13534: Small Package Quotes – Worldwide Express Edition <= 5.2.18 - Unauthenticated SQL Injection

The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'edit_id' and 'dropship_edit_id' parameters in all versions up to, and including, 5.2.18 due to insufficient escaping on the user supplied parameter and lack of suffic...

Published

Feb 18, 2025

Patched Release

5.2.19

Affected Versions

Versions up to 5.2.18

Next Step

Update to 5.2.19 or newer if supported.

Open CVE-2024-13534 Report Open CVE Reference

Plugin High Patched: Yes CVE-2025-24667

CVE-2025-24667: Small Package Quotes – Worldwide Express Edition <= 5.2.17 - Unauthenticated SQL Injection

The Small Package Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes i...

Published

Jan 18, 2025

Patched Release

5.2.18

Affected Versions

Versions up to 5.2.17

Next Step

Update to 5.2.18 or newer if supported.

Open CVE-2025-24667 Report Open CVE Reference