CVE-2025-24665 — AI Deep Analysis Summary

🚨 **Essence**: SQL Injection (SQLi) in WordPress plugin 'Small Package Quotes – Unishippers Edition'. 💥 **Consequences**: Attackers can manipulate SQL commands due to improper neutralization of special elements.…

🛡️ **CWE**: CWE-89 (SQL Injection). 🔍 **Flaw**: Improper neutralization of special elements used in an SQL command. The plugin fails to sanitize user inputs before executing database queries.

📦 **Vendor**: enituretechnology. 📉 **Affected Product**: Small Package Quotes – Unishippers Edition. ⚠️ **Version**: 2.4.8 and earlier versions.

🕵️ **Hackers Can**: Extract sensitive database data (High Confidentiality impact). 🔓 **Privileges**: Since it's a SQLi, they may escalate privileges or modify data (Low Integrity/Availability impact per CVSS). 🌐 **Scope*…

🔓 **Auth Required**: No (PR:N - Privileges Required: None). 🖱️ **User Interaction**: None (UI:N). 🌍 **Attack Vector**: Network (AV:N). ✅ **Threshold**: LOW. Easy to exploit remotely without authentication.

📜 **Public Exploit**: The provided data shows empty `pocs` array. 🔗 **References**: Links to Patchstack exist, but no specific PoC code is listed in the data. ⚠️ **Status**: Likely exploitable given CVSS score, but no pu…

🔍 **Self-Check**: Scan for WordPress plugin 'Small Package Quotes – Unishippers Edition'. 📊 **Version Check**: Verify if installed version is ≤ 2.4.8. 🛠️ **Tooling**: Use vulnerability scanners that check for CWE-89 in W…

🛡️ **Official Fix**: The description implies a fix is needed for versions ≤ 2.4.8. 📅 **Published**: 2025-01-27. ✅ **Action**: Update to the latest version released after 2.4.8 to mitigate the SQLi flaw.

🚧 **No Patch Workaround**: If you cannot update immediately: 1. **WAF**: Deploy Web Application Firewall rules to block SQL injection patterns. 2.…

🔥 **Urgency**: HIGH. 📈 **CVSS**: 3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L (Score likely 7.5+ based on vector). 💡 **Priority**: Patch immediately. Remote, unauthenticated SQLi is critical for WordPress sites.