CVE-2024-13481
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-13481 is a vulnerability affecting the LTL Freight Quotes – R+L Carriers Edition plugin for WordPress. The issue stems from insufficient escaping of user-supplied data in the 'edit_id' and 'dropship_edit_id' parameters. Attackers can exploit this weakness by appending malicious SQL queries to existing ones, potentially gaining unauthorized access to sensitive information in the database. This SQL Injection vulnerability poses a serious threat, as it can be exploited by unauthenticated users. Versions of the plugin up to and including 3.3.4 are reportedly affected. Users are strongly urged to update the plugin to the latest version or remove it altogether to mitigate the risk.
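A defender can look for abuse of the two parameters named above in web server access logs. The following is an added example, not code from the plugin or from this advisory. It assumes that legitimate `edit_id` and `dropship_edit_id` values are plain integers, that requests carry them in the query string (values sent in a POST body do not appear in access logs), and that logs use the combined format; the sample lines and paths are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter names taken from the advisory text.
WATCHED_PARAMS = ("edit_id", "dropship_edit_id")
# Assumption: legitimate values are plain integer row IDs.
NUMERIC_ID = re.compile(r"\d{1,10}")
# Request line inside a combined-format access log entry.
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched params that are not plain integers."""
    match = REQUEST_LINE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    # parse_qs percent-decodes values and keeps repeated parameters as a list.
    params = parse_qs(query, keep_blank_values=True)
    hits = []
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((name, value))
    return hits


def scan(lines):
    """Yield (source_ip, param, value) for every flagged request."""
    for line in lines:
        source_ip = line.split(" ", 1)[0]
        for name, value in suspicious_params(line):
            yield source_ip, name, value


# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Feb/2025:10:00:01 +0000] "GET /wp-admin/admin.php?page=example&edit_id=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Feb/2025:10:00:05 +0000] "GET /wp-admin/admin.php?page=example&edit_id=42%20AND%201%3D1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Feb/2025:10:00:09 +0000] "GET /wp-admin/admin-ajax.php?dropship_edit_id=7&dropship_edit_id=7%27 HTTP/1.1" 200 64',
    '198.51.100.7 - - [01/Feb/2025:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, name, value in scan(SAMPLE_LOG):
        print(f"{ip} {name}={value!r}")
```

A hit is a lead for review rather than proof of exploitation, and the same allowlist check can be applied at a WAF or reverse proxy until the plugin is updated or removed.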
Affected Products
- Ltl Freight Quotes Plugin
Affected Vendors
- WordPress