CVE-2024-13476

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 20, 2025

Updated: Feb 25, 2025

CWE ID 89

Summary

CVE-2024-13476 is a vulnerability affecting the LTL Freight Quotes – GlobalTranz Edition plugin for WordPress. In all versions up to 2.3.11, this plugin is susceptible to SQL Injection attacks. Unauthenticated attackers can exploit insufficient escaping on user-supplied parameters and the lack of proper preparation of existing SQL queries. By appending additional SQL queries, they can extract sensitive information from the database, posing a significant risk to WordPress sites using this plugin.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Ltl Freight Quotes Plugin

Affected Vendors

WordPress

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2iDFuJ
https://www.cve.org/CVERecord?id=CVE-2024-13476
https://nvd.nist.gov/vuln/detail/CVE-2024-13476

Back to Vulnerability Database