SQL Injection Risk in LTL Freight Quotes Plugin by WordPress
CVE-2024-13489
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 19 February 2025
Badges
What is CVE-2024-13489?
The LTL Freight Quotes β Old Dominion Edition plugin for WordPress is affected by a SQL Injection vulnerability through the 'edit_id' and 'dropship_edit_id' parameters. This flaw arises from inadequate escaping of user-supplied data and insufficient preparation of SQL queries. As a result, unauthenticated attackers could manipulate these parameters to inject malicious SQL queries, potentially gaining access to sensitive data stored within the database. All versions up to and including 4.2.10 are susceptible, necessitating immediate updates for mitigation.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
LTL Freight Quotes β Old Dominion Edition * <= 4.2.10
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved