
Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-23982 CVSS:7.1

Missing Authorization vulnerability in Marian Kanev Cab fare calculator allows Stored XSS. This issue affects Cab fare calculator: from n/a through 1.1.

CVE-2025-24734 CVSS:7.1

Missing Authorization vulnerability in CodeSolz Better Find and Replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through 1.6.7.

CVE-2025-24708 CVSS:7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Reflected XSS. This issue affects WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through 1.1.6.

CVE-2025-24680 CVSS:7.1

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WpMultiStoreLocator WP Multi Store Locator allows Reflected XSS. This issue affects WP Multi Store Locator: from n/a through 2.4.7.

CVE-2025-24667 CVSS:9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.17.

CVE-2025-24671 CVSS:9.8

Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Object Injection. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 4.4.0.

CVE-2025-24626 CVSS:7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Music Store allows Reflected XSS. This issue affects Music Store: from n/a through 1.1.19.

CVE-2025-24665 CVSS:9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Unishippers Edition allows SQL Injection. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.8.

Impact

  • Cross-Site Scripting
  • Privilege Escalation
  • Data Manipulation

Indicators of Compromise

CVE

  • CVE-2025-23982
  • CVE-2025-24734
  • CVE-2025-24708
  • CVE-2025-24680
  • CVE-2025-24667
  • CVE-2025-24671
  • CVE-2025-24626
  • CVE-2025-24665

Affected Vendors

  • WordPress

Affected Products

  • Marian Kanev Cab fare calculator - n/a
  • CodeSolz Better Find and Replace - n/a
  • WpMultiStoreLocator WP Multi Store Locator - n/a
  • Eniture Technology Small Package Quotes – Worldwide Express Edition - n/a
  • Pdfcrowd Save as PDF plugin by Pdfcrowd - n/a
  • CodePeople Music Store - n/a
  • Eniture Technology Small Package Quotes – Unishippers Edition - n/a

Remediation

Upgrade each affected plugin to the latest version available from the WordPress Plugin Directory.
