

Severity
High
Analysis Summary
CVE-2025-23982 CVSS:7.1
Missing Authorization vulnerability in Marian Kanev Cab fare calculator allows Stored XSS. This issue affects Cab fare calculator: from n/a through 1.1.
CVE-2025-24734 CVSS:7.1
Missing Authorization vulnerability in CodeSolz Better Find and Replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through 1.6.7.
CVE-2025-24708 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms allows Reflected XSS. This issue affects WP Dynamics CRM for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms: from n/a through 1.1.6.
CVE-2025-24680 CVSS:7.1
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WpMultiStoreLocator WP Multi Store Locator allows Reflected XSS. This issue affects WP Multi Store Locator: from n/a through 2.4.7.
CVE-2025-24667 CVSS:9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edition: from n/a through 5.2.17.
CVE-2025-24671 CVSS:9.8
Deserialization of Untrusted Data vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Object Injection. This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 4.4.0.
CVE-2025-24626 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Music Store allows Reflected XSS. This issue affects Music Store: from n/a through 1.1.19.
CVE-2025-24665 CVSS:9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Small Package Quotes – Unishippers Edition allows SQL Injection. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.8.
Impact
- Cross-Site Scripting
- Privilege Escalation
- Data Manipulation
Indicators of Compromise
CVE
CVE-2025-23982
CVE-2025-24734
CVE-2025-24708
CVE-2025-24680
CVE-2025-24667
CVE-2025-24671
CVE-2025-24626
CVE-2025-24665
Affected Vendors
- WordPress
Affected Products
- Marian Kanev Cab fare calculator - n/a
- CodeSolz Better Find and Replace - n/a
- WpMultiStoreLocator WP Multi Store Locator - n/a
- Eniture Technology Small Package Quotes – Worldwide Express Edition - n/a
- Pdfcrowd Save as PDF plugin by Pdfcrowd - n/a
- CodePeople Music Store - n/a
- Eniture Technology Small Package Quotes – Unishippers Edition - n/a
Remediation
Upgrade to the latest version of the WordPress plugin, available from the WordPress Plugin Directory.