CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22286 – WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.0.21 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22286
12 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition allows Reflected XSS. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.21. The LTL Freight Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.0.21 due to insufficient input sanitization and output escaping. This makes... • https://patchstack.com/database/wordpress/plugin/ltl-freight-quotes-worldwide-express-edition/vulnerability/wordpress-ltl-freight-quotes-worldwide-express-edition-plugin-5-0-21-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22291 – WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.0.20 - Arbitrary Content Deletion vulnerability
https://notcve.org/view.php?id=CVE-2025-22291
12 Feb 2025 — Missing Authorization vulnerability in enituretechnology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.20. The LTL Freight Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on a function in versions up to, and including, 5.0.20. This makes it possible for unauthentic... • https://patchstack.com/database/wordpress/plugin/ltl-freight-quotes-worldwide-express-edition/vulnerability/wordpress-ltl-freight-quotes-worldwide-express-edition-plugin-5-0-20-arbitrary-content-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24664 – WordPress LTL Freight Quotes Plugin <= 5.0.20 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-24664
18 Jan 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology LTL Freight Quotes – Worldwide Express Edition allows SQL Injection. This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.0.20. The LTL Freight Quotes – Worldwide Express Edition plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.0.20 due to insufficient escaping on the user supplied parameter and lack of sufficient pre... • https://patchstack.com/database/wordpress/plugin/ltl-freight-quotes-worldwide-express-edition/vulnerability/wordpress-ltl-freight-quotes-plugin-5-0-20-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •