CVE-2025-24612 Information

Description

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in MORKVA Shipping for Nova Poshta allows SQL Injection. This issue affects Shipping for Nova Poshta: from n/a through 1.19.6.

Reference

https://patchstack.com/database/wordpress/plugin/nova-poshta-ttn/vulnerability/wordpress-shipping-for-nova-poshta-plugin-1-19-6-sql-injection-vulnerability?_s_id=cve