LTL Freight Quotes – R+L Carriers Edition Missing Authorization Vulnerability in WordPress Plugin

Vulnerability

A missing authorization vulnerability has been identified in the LTL Freight Quotes – R+L Carriers Edition plugin for WordPress, affecting all versions through 3.3.13. The vulnerability arises from a standalone PHP file that processes GET parameters and updates WordPress options without adequate authentication, authorization, or nonce verification. This flaw allows unauthenticated attackers to alter the plugin's subscription plan settings: downgrading stores from paid plans to the Trial Plan, changing store types, and manipulating subscription expiration dates. Such changes could disrupt premium features like Dropship and Hazardous Material handling.

Impact

Exploitation of this vulnerability allows unauthenticated users to modify subscription settings, potentially downgrading paid plans, altering store types, and disrupting premium features.

Reproduction

The vulnerability can be reproduced by sending a GET request to the webhook handler without authentication. The request can include parameters to change the subscription plan, store type, and expiration dates.

Remediation

Users are advised to update the LTL Freight Quotes – R+L Carriers Edition plugin to version 3.3.14 or later.
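
One way to look for the request pattern described under Reproduction in web server access logs (an added example, not part of the advisory or the plugin's code). The plugin directory name, the PHP file name, the query parameter names and the log lines are constructed placeholders, because the advisory does not give them.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

# Placeholder: the advisory does not name the plugin directory or the PHP file.
PLUGIN_DIR = "/wp-content/plugins/PLUGIN-SLUG-PLACEHOLDER/"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_direct_plugin_hits(lines, plugin_dir=PLUGIN_DIR):
    """Group by client IP every GET that targets a .php file inside the
    plugin directory and carries query parameters.

    Each hit is (time, path, status, sorted parameter names). A 2xx status
    means the request was served rather than blocked.
    """
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        path = unquote(url.path)  # catch percent-encoded variants of the path
        if not (path.startswith(plugin_dir) and path.lower().endswith(".php")):
            continue
        params = sorted(parse_qs(url.query, keep_blank_values=True))
        if params:
            hits[m["ip"]].append((m["time"], path, int(m["status"]), params))
    return dict(hits)


# Constructed log lines: documentation-range IPs, made-up file and parameter names.
_H = PLUGIN_DIR + "handler.php"
SAMPLE_LOG = [
    f'203.0.113.7 - - [08/Apr/2026:05:10:01 +0000] "GET {_H}?plan=0&expiry=x HTTP/1.1" 200 12 "-" "curl/8.5"',
    f'198.51.100.4 - - [08/Apr/2026:05:11:09 +0000] "GET {PLUGIN_DIR}assets/app.js?ver=3.3.13 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - [08/Apr/2026:05:12:30 +0000] "GET {_H}?plan=0 HTTP/1.1" 403 0 "-" "curl/8.5"',
    '192.0.2.9 - - [08/Apr/2026:05:13:00 +0000] "POST /wp-admin/admin-ajax.php?action=x HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
    f'192.0.2.50 - - [08/Apr/2026:05:14:00 +0000] "GET {_H} HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, entries in find_direct_plugin_hits(SAMPLE_LOG).items():
        for when, path, status, params in entries:
            print(ip, when, status, path, params)
```

Hits from clients that are not the expected webhook sender, especially ones with a 2xx status before the update to 3.3.14, are the entries to review against the store's current plan settings.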

Added: Apr 8, 2026, 5:24 AM
Updated: Apr 8, 2026, 5:24 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 9.3
remediation: 7.7
relevance: 5.5
threat: 4.8
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.