CVE-2024-13478
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-13478 is a new SQL injection vulnerability affecting the LTL Freight Quotes – TForce Edition plugin for WordPress. The issue is present in all versions up to 3.6.4 and allows unauthenticated attackers to append additional SQL queries to existing ones through the 'dropship_edit_id' and 'edit_id' parameters. As a result, sensitive information can be extracted from the database. The root cause is that the plugin does not sufficiently escape these user-supplied parameters and does not adequately prepare the SQL queries that use them. WordPress users are urged to update to the latest version to mitigate this risk.
Affected Products
- Ltl Freight Quotes Plugin
Affected Vendors
- WordPress