cbcvebase.

Enituretechnology Ltl Freight Quotes Worldwide Express Edition vulnerabilities

4 known vulnerabilities affecting enituretechnology/ltl_freight_quotes_worldwide_express_edition.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-24664P2CRITICALCVSS 9.3≤ 5.0.202025-01-27
CVE-2025-24664 [CRITICAL] CWE-89 CVE-2025-24664: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition ltl-freight-quotes-worldwide-express-edition allows SQL Injection.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through <= 5.0.20.
nvd
CVE-2024-13473P3HIGHCVSS 7.5≤ 5.0.202025-02-12
CVE-2024-13473 [HIGH] CWE-89 CVE-2024-13473: The LTL Freight Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injecti The LTL Freight Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameter in all versions up to, and including, 5.0.20 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauth
nvd
CVE-2025-22291P4MEDIUMCVSS 5.3≤ 5.0.202025-02-16
CVE-2025-22291 [MEDIUM] CWE-862 CVE-2025-22291: Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edit Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition ltl-freight-quotes-worldwide-express-edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through <= 5.0.20.
nvd
CVE-2025-22286P4HIGHCVSS 7.1≤ 5.0.212025-02-16
CVE-2025-22286 [HIGH] CWE-79 CVE-2025-22286: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition ltl-freight-quotes-worldwide-express-edition allows Reflected XSS.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through <= 5.0.21.
nvd
Enituretechnology Ltl Freight Quotes Worldwide Express Edition vulnerabilities | cvebase