cleantalk
Vulnerabilities and Security Researches

LTL Freight Quotes – GlobalTranz Edition, CVE-2024-13476

CVE, Research URL

CVE-2024-13476

Home page URL

Security reports for LTL Freight Quotes – GlobalTranz Edition

Application

LTL Freight Quotes – GlobalTranz Edition

Published on
Feb 20, 2025
Research Description
The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
Min -, max 2.3.12.
Status
vulnerable
Previous vulnerability researches
Labinator Content Types Duplicator (CVE-2025-31809) , Apr 03, 2025
Theme Duplicator (CVE-2025-31845) , Apr 03, 2025
WP Bulk Post Duplicator (CVE-2025-28884) , Mar 13, 2025
Multisite Post Duplicator (CVE-2016-10944) , Jun 07, 2024
Theme File Duplicator (CVE-2025-27283) , Feb 27, 2025
New vulnerability
Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor (CVE-2025-1986) , May 07, 2025
Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (CVE-2024-13803) , May 07, 2025
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler (CVE-2022-4974) , May 07, 2025
Admin and Site Enhancements (ASE) (CVE-2024-43333) , May 07, 2025
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-9864) , May 07, 2025