CVE-2024-13477

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 12, 2025

Updated: Feb 25, 2025

CWE ID 89

Summary

CVE-2024-13477 is a newly disclosed vulnerability affecting the LTL Freight Quotes – Unishippers Edition plugin for WordPress. The issue, present in versions up to 2.5.8, stems from insufficient escaping of user-supplied data in the 'edit_id' parameter. Attackers can exploit this vulnerability by appending additional SQL queries to existing ones, enabling them to extract sensitive information from the database without authentication. The lack of sufficient preparation on the existing SQL queries exacerbates the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Ltl Freight Quotes Plugin

Affected Vendors

WordPress

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2iDHQK
https://www.cve.org/CVERecord?id=CVE-2024-13477
https://nvd.nist.gov/vuln/detail/CVE-2024-13477

Back to Vulnerability Database