CVE-2024-13474

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 22, 2025

CWE ID 89

Summary

CVE-2024-13474 is a vulnerability affecting the LTL Freight Quotes – Purolator Edition plugin for WordPress. Maliciously crafted SQL queries can be injected through the 'dropship_edit_id' and 'edit_id' parameters due to insufficient escaping and preparation of user-supplied data. Unauthenticated attackers can exploit this vulnerability to extract sensitive information from the database, posing a significant risk to websites using the affected plugin version 2.2.3 and below.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Ltl Freight Quotes Plugin

Affected Vendors

WordPress

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2iCREo
https://www.cve.org/CVERecord?id=CVE-2024-13474
https://nvd.nist.gov/vuln/detail/CVE-2024-13474

Back to Vulnerability Database