Stored Cross-Site Scripting Vulnerability in LTL Freight Quotes Plugins for WordPress
CVE-2025-5303

7.2HIGH

Key Information:

Vendor

WordPress
Status
Ltl Freight Quotes – Freightview Edition
Ltl Freight Quotes – Day & Ross Edition
Ltl Freight Quotes – Daylight Edition
Vendor
CVE Published:
7 June 2025

What is CVE-2025-5303?

The LTL Freight Quotes plugins for WordPress are susceptible to a Stored Cross-Site Scripting issue. This vulnerability stems from inadequate input sanitization and output escaping, particularly concerning the expiry_date parameter in versions up to 1.0.11, 2.2.6, and 2.1.10 respectively. As a result, unauthorized attackers can inject harmful scripts that execute on user access, potentially compromising user sessions and sensitive information.

Affected Version(s)

LTL Freight Quotes – Day & Ross Edition * <= 2.1.10

LTL Freight Quotes – Daylight Edition * <= 2.2.6

LTL Freight Quotes – Freightview Edition * <= 1.0.11

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/ltl-freight-qu...
https://plugins.trac.wordpress.org/browser/ltl-freight-qu...

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dzmitry Sviatlichny
.
The Cyber Security Vulnerability Database.